CrowdStrike

CCFH-202B Question #20: Real Exam Question with Answer & Explanation

The correct answer is B, Hunting and Investigation.

Question

Which document provides information on best practices for writing Splunk-based hunting queries, predefined queries which may be customized to hunt for suspicious network connections, and predefined queries which may be customized to hunt for suspicious processes?

Options

  • A. Real Time Response and Network Containment
  • B. Hunting and Investigation
  • C. Events Data Dictionary
  • D. Incident and Detection Monitoring

Explanation

The Hunting and Investigation document provides best practices for writing Splunk-based hunting queries, along with predefined queries that can be customized to hunt for suspicious network connections and predefined queries that can be customized to hunt for suspicious processes. It is a guide to hunting with Falcon that contains sample hunting queries, selected walkthroughs, and hunting best practices. The other three documents cover different topics and do not provide this query guidance.
