CrowdStrike CCFH-202b - CrowdStrike Certified Falcon Hunter Exam

Question #1 (Topic: Exam A)
Refer to the exhibit.
While investigating a process tree, you hover over a malicious powershell.exe process.

What is the correct sequence of Process Actions?
A. 7 Network Operations
4 Disk Operations
61 DNS Requests
2 Process Operations
B. 8 Network Operations
61 Disk Operations
4 DNS Requests
2 Process Operations
C. 7 Network Operations
4 Disk Operations
8 DNS Requests
D. 61 Process Operations
7 Network Operations
4 Disk Operations
61 DNS Requests
8 Process Operations
Answer: A
Question #2 (Topic: Exam A)
You want to hunt for the least-used Windows services that are starting from non-standard locations.
Which query below will provide this information?
A. B. C.
Answer: B
Question #3 (Topic: Exam A)
Which hunting query's results could indicate that an adversary is performing reconnaissance from a specific host?
A. B. C. D.
Answer: B
Question #4 (Topic: Exam A)
You are investigating a process tree where WmiPrvSE launched PowerShell with the following command:

What is this command doing?
A. Using PowerShell to perform a discovery scan of 172.17.0.21 on port 8080
B. Utilizing PowerShell to download a reverse shell from GitHub and executing it to create a connection
C. Utilizing PowerShell to force a connection to a reverse shell originating from GitHub
Answer: B
Question #5 (Topic: Exam A)
Refer to the image.

What line item of the query is used to perform outlier analysis?
A. Line 2
B. Line 3
C. Line 4
D. Line 6
Answer: D
Total 91 questions