Online Access Free CCFH-202 Practice Test

In the Powershell Hunt report, what does the filtering condition of commandLine! ="*badstring* " do?

• A.Displays only the command lines containing "badstring"
• B.Highlights "badstring" in all command lines in the output
• C.Prevents command lines containing "badstring" from being displayed
• D.Highlights only the command lines containing "badstring"

Which field in a DNS Request event points to the responsible process?

• A.TargetProcessld_decimal
• B.ContextProcessld_decimal
• C.ContextProcessld_readable
• D.ParentProcessId_decimal

Which threat framework allows a threat hunter to explore and model specific adversary tactics and techniques, with links to intelligence and case studies?

• A.NIST 800-171 Cyber Threat Framework
• B.Director of National Intelligence Cyber Threat Framework
• C.MITRE ATT&CK
• D.Lockheed Martin Cyber Kill Chain

Which of the following is a suspicious process behavior?

• A.PowerShell launching a PowerShell script
• B.An Internet browser (eg, Internet Explorer) performing multiple DNS requests
• C.Non-network processes (eg, notepad exe) making an outbound network connection
• D.PowerShell running an execution policy of RemoteSigned

You need details about key data fields and sensor events which you may expect to find from Hosts running the Falcon sensor. Which documentation should you access?

• A.Streaming API Event Dictionary
• B.Event stream APIs
• C.Events Data Dictionary
• D.Hunting and Investigation