What Search page would help a threat hunter differentiate testing, DevOPs, or general user activity from adversary behavior?

CCFH-202 0 Comments

What Search page would help a threat hunter differentiate testing, DevOPs, or general user activity from adversary behavior?
A . Hash Search
B. IP Search
C. Domain Search
D. User Search

Answer: D

Explanation:

User Search is a search page that allows a threat hunter to search for user activity across endpoints and correlate it with other events. This can help differentiate testing, DevOPs, or general user activity from adversary behavior by identifying anomalous or suspicious user actions, such as logging into multiple systems, running unusual commands, or accessing sensitive files.

Reference: https://www.crowdstrike.com/blog/tech-center/user-search-in-crowdstrike-falcon/

Latest CCFH-202 Dumps Valid Version with 60 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CCFH-202 PDF    CCFH-202 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments