CrowdStrike CCFH-202 Exam Actual Questions

The questions for CCFH-202 were last updated on Nov. 10, 2024.

Viewing page 1 out of 22 pages.
Viewing questions 1-4 out of 88 questions

Topic 1 - Exam A

Question #1 Topic 1

Which of the following is a suspicious process behavior?

A. PowerShell running an execution policy of RemoteSigned
B. An Internet browser (eg., Internet Explorer) performing multiple DNS requests
C. PowerShell launching a PowerShell script
D. Non-network processes (e.g., notepad.exe) making an outbound network connection

Reveal Solution Discussion 3

Correct Answer: D 🗳️

Question #2 Topic 1

Which field should you reference in order to find the system time of a *FileWritten event?

A. ContextTimeStamp_decimal
B. FileTimeStamp_decimal
C. ProcessStartTime_decimal
D. timestamp

Reveal Solution Discussion 5

Correct Answer: A 🗳️

Question #3 Topic 1

What Search page would help a threat hunter differentiate testing, DevOPs, or general user activity from adversary behavior?

A. Hash Search
B. IP Search
C. Domain Search
D. User Search

Reveal Solution Discussion 4

Correct Answer: D 🗳️

Question #4 Topic 1

An analyst has sorted all recent detections in the Falcon platform to identify the oldest in an effort to determine the possible first victim host. What is this type of analysis called?

A. Visualization of hosts
B. Statistical analysis
C. Temporal analysis
D. Machine Learning

Reveal Solution Discussion 1

Correct Answer: C 🗳️

CrowdStrike CCFH-202 Exam Actual Questions

The questions for CCFH-202 were last updated on Nov. 10, 2024.

Topic 1 - Exam A

Get IT Certification

New Version GCP Professional Cloud Architect Certificate & Helpful Information

The 5 Most In-Demand Project Management Certifications of 2019