最新的CrowdStrike CCFH-202免費考試真題

問題1

Which field should you reference in order to find the system time of a *FileWritten event?

A. timestamp

B. ProcessStartTime_decimal

C. ContextTimeStamp_decimal

D. FileTimeStamp_decimal

正確答案: C

說明：（僅 Fast2test 成員可見）

問題2

In the Powershell Hunt report, what does the filtering condition of commandLine! ="*badstring* " do?

A. Prevents command lines containing "badstring" from being displayed

B. Highlights "badstring" in all command lines in the output

C. Highlights only the command lines containing "badstring"

D. Displays only the command lines containing "badstring"

正確答案: A

說明：（僅 Fast2test 成員可見）

問題3

The Falcon Detections page will attempt to decode Encoded PowerShell Command line parameters when which PowerShell Command line parameter is present?

A. -e

B. -Command

C. -nop

D. -Hidden

正確答案: B

說明：（僅 Fast2test 成員可見）

問題4

In the Powershell Hunt report, what does the "score" signify?

A. A cumulative score of the various potential command line switches

B. Maliciousness score determined by NGAV

C. How recently the PowerShell script executed

D. Number of hosts that ran the PowerShell script

正確答案: A

說明：（僅 Fast2test 成員可見）

問題5

Event Search data is recorded with which time zone?

A. EST

B. GMT

C. UTC

D. PST

正確答案: C

說明：（僅 Fast2test 成員可見）

問題6

Which field in a DNS Request event points to the responsible process?

A. ContextProcessld_decimal

B. ParentProcessId_decimal

C. ContextProcessld_readable

D. TargetProcessld_decimal

正確答案: C

說明：（僅 Fast2test 成員可見）

問題7

Which of the following is a way to create event searches that run automatically and recur on a schedule that you set?

A. Event Search

B. Workflows

C. Scheduled Reports

D. Scheduled Searches

正確答案: D

說明：（僅 Fast2test 成員可見）

最新的CrowdStrike Certified Falcon Hunter - CCFH-202免費考試真題

聯系我們

站內鏈接

最新更新