CrowdStrike
CCFH-202B · Question #62
CCFH-202B Question #62: Real Exam Question with Answer & Explanation
Sign in or unlock CCFH-202B to reveal the answer and full explanation for question #62. The question stem and answer options stay visible for context.
Question
Suspicious RDP connections have been observed on a host within your environment. How do you utilize Event Search to show all connections on this specific host?
Options
- Aevent_simpleName=UserIdentity LogonType_decimal=10 | table timestamp ComputerName
- BTable timestamp ComputerName UserName UserPrincipal LogonServer
- CUserIdentity=LogonType_decimal=10 | table timestamp UserPrincipal LogonServer
- Daid=[my-aid] event_simpleName=UserIdentity LogonType_decimal=10 | table timestamp
Unlock CCFH-202B to see the answer
You've previewed enough free CCFH-202B questions. Unlock CCFH-202B for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.