
CCFH-202 Exam - Question 40


Which document provides information on best practices for writing Splunk-based hunting queries, predefined queries which may be customized to hunt for suspicious network connections, and predefined queries which may be customized to hunt for suspicious processes?

Correct Answer: B

The 'Hunting and Investigation' document provides best practices for writing Splunk-based hunting queries, along with predefined queries that may be customized to hunt for suspicious network connections and for suspicious processes. This document focuses specifically on the activities involved in hunting for and investigating suspicious activity.

Discussion

1 comment
alanalanalan (Option: B)
Jul 14, 2024

B. Hunting and Investigation question keyword "hunt"