CrowdStrike CCFH-202b Exam Practice Questions and Answers

Question 6 of 91

What is the purpose of this query?
Exam ccfh-202b: Image 1

A.

Display all locations for local subnets on a map

B.

Display geolocation data for all network logins on a map

C.

Display all users who are logging in from private IP ranges on a map

D.

Display geolocation data for RDP connections on a map

Question 7 of 91

Refer to the image.
Exam CCFH-202b: Image 1

Why are there six pending containment events?

A.

When requesting containment of a device, there is one event to contain the host by Agent ID, and another event to contain by Mac Address

B.

When requesting containment of a device, there is one event for the change request, and another corresponding to the completed status of the request

C.

When requesting containment of a device, there is one event for checking of the current host state, and another corresponding to the change request0

D.

When requesting containment of a device, there is one event to contain the host by Agent ID, and another event to contain by Host Name

Question 8 of 91

Falcon is generating detections for a malicious file evil.exe with varying filepaths on several hosts as end users attempt to execute the file.
Which query can be used to proactively hunt where the file exists prior to the user executing it?

A.

B.

C.

D.

Question 9 of 91

Which CQL query would output relevant data in tracking USB storage device usage?

A.

B.

C.

D.

Question 10 of 91

During an investigation you suspect that wget is used broadly to pull commands from C2 servers with public IP addresses.
How can you generate an overview of all those addresses?

A.

B.

C.

D.