CrowdStrike CCFH-202b - CrowdStrike Certified Falcon Hunter Exam
Page: 2 / 19
Total 91 questions
Question #6 (Topic: Exam A)
What is the purpose of this query?
A. Display all locations for local subnets on a map
B. Display geolocation data for all network logins on a map
C. Display all users who are logging in from private IP ranges on a map
D. Display geolocation data for RDP connections on a map
Answer: D
Question #7 (Topic: Exam A)
Refer to the image.

Why are there six pending containment events?
A. When requesting containment of a device, there is one event to contain the host by Agent ID, and another event to contain by Mac Address
B. When requesting containment of a device, there is one event for the change request, and another corresponding to the completed status of the request
C. When requesting containment of a device, there is one event for checking of the current host state, and another corresponding to the change request
D. When requesting containment of a device, there is one event to contain the host by Agent ID, and another event to contain by Host Name
Answer: B
Question #8 (Topic: Exam A)
Falcon is generating detections for a malicious file evil.exe with varying filepaths on several hosts as end users attempt to execute the file.
Which query can be used to proactively hunt where the file exists prior to the user executing it?
A.
B.
C.
D.
Answer: A
Question #9 (Topic: Exam A)
Which CQL query would output relevant data in tracking USB storage device usage?
A.
B.
C.
D.
Answer: C
Question #10 (Topic: Exam A)
During an investigation you suspect that wget is used broadly to pull commands from C2 servers with public IP addresses.
How can you generate an overview of all those addresses?
A.
B.
C.
D.
Answer: C