Aug-2023 Realistic CCFH-202 Exam Dumps with Accurate & Updated Questions [Q34-Q52]

QUESTION 34
When exporting the results of the following event search, what data is saved in the exported file (assuming Verbose Mode)? event_simpleName=*Written | stats count by ComputerName

The text of the query

The results of the Statistics tab

No data Results can only be exported when the “table” command is used

All events in the Events tab

QUESTION 35
In the MITRE ATT&CK Framework (version 11 – the newest version released in April 2022), which of the following pair of tactics is not in the Enterprise: Windows matrix?

Persistence and Execution

Impact and Collection

Privilege Escalation and Initial Access

Reconnaissance and Resource Development

QUESTION 36
Refer to Exhibit.

Falcon detected the above file attempting to execute. At initial glance; what indicators can we use to provide an initial analysis of the file?

VirusTotal, Hybrid Analysis, and Google pivot indicator lights enabled

File name, path, Local and Global prevalence within the environment

File path, hard disk volume number, and IOC Management action

Local prevalence, IOC Management action, and Event Search

QUESTION 37
Which of the following is a way to create event searches that run automatically and recur on a schedule that you set?

Workflows

Event Search

Scheduled Searches

Scheduled Reports

QUESTION 38
You need details about key data fields and sensor events which you may expect to find from Hosts running the Falcon sensor. Which documentation should you access?

Events Data Dictionary

Streaming API Event Dictionary

Hunting and Investigation

Event stream APIs

QUESTION 39
The Falcon Detections page will attempt to decode Encoded PowerShell Command line parameters when which PowerShell Command line parameter is present?

-Command

-Hidden

-e

-nop

QUESTION 40
With Custom Alerts you are able to configure email alerts using predefined templates so you’re notified about specific activity in your environment. Which of the following outlines the steps required to properly create a custom alert rule?

Choose the template you would like to configure, setup how often you would like the alert to run, and then schedule the alert

Choose the template you would like to configure, preview the search results, and then schedule the alert

Create the query for the alert, setup the email template for the alert, and then set the schedule for the alert

Create a new custom template, configure the email template, and then create the custom query for the alert

QUESTION 41
Which of the following is a suspicious process behavior?

PowerShell running an execution policy of RemoteSigned

An Internet browser (eg, Internet Explorer) performing multiple DNS requests

PowerShell launching a PowerShell script

Non-network processes (eg, notepad exe) making an outbound network connection

QUESTION 42
Which tool allows a threat hunter to populate and colorize all known adversary techniques in a single view?

MISP

OWASP Threat Dragon

OpenXDR

MITRE ATT&CK Navigator

QUESTION 43
Which document provides information on best practices for writing Splunk-based hunting queries, predefined queries which may be customized to hunt for suspicious network connections, and predefined queries which may be customized to hunt for suspicious processes?

Real Time Response and Network Containment

Hunting and Investigation

Events Data Dictionary

Incident and Detection Monitoring

QUESTION 44
What elements are required to properly execute a Process Timeline?

Agent ID (AID) and Target Process ID

Agent ID (AID) only

Hostname and Local Process ID

Target Process ID only

QUESTION 45
Which Falcon documentation guide should you reference to hunt for anomalies related to scheduled tasks and other Windows related artifacts?

Hunting and Investigation

MITRE-Based Falcon Detections Framework

Events Data Dictionary

Customizable Dashboards

QUESTION 46
You are reviewing a list of domains recently banned by your organization’s acceptable use policy. In particular, you are looking for the number of hosts that have visited each domain. Which tool should you use in Falcon?

Create a custom alert for each domain

Allowed Domain Summary Report

Bulk Domain Search

IP Addresses Search

QUESTION 47
What information is provided from the MITRE ATT&CK framework in a detection’s Execution Details?

Grouping Tag

Command Line

Technique ID

Triggering Indicator

QUESTION 48
Refer to Exhibit.

What type of attack would this process tree indicate?

Brute Forcing Attack

Man-in-the-middle Attack

Phishing Attack

Web Application Attack

QUESTION 49
In the Powershell Hunt report, what does the filtering condition of commandLine! =”*badstring* ” do?

Prevents command lines containing “badstring” from being displayed

Displays only the command lines containing “badstring”

Highlights “badstring” in all command lines in the output

Highlights only the command lines containing “badstring”

QUESTION 50
To find events that are outliers inside a network,___________is the best hunting method to use.

time-based

machine learning

searching

stacking

QUESTION 51
How do you rename fields while using transforming commands such as table, chart, and stats?

By renaming the fields with the “rename” command after the transforming command e.g. “stats count by ComputerName | rename count AS total_count”

You cannot rename fields as it would affect sub-queries and statistical analysis

By using the “renamed” keyword after the field name eg “stats count renamed totalcount by ComputerName”

By specifying the desired name after the field name eg “stats count totalcount by ComputerName”

QUESTION 52
An analyst has sorted all recent detections in the Falcon platform to identify the oldest in an effort to determine the possible first victim host What is this type of analysis called?

Visualization of hosts

Statistical analysis

Temporal analysis

Machine Learning

Leave a Reply Cancel reply