Examice

Exam CCFH-202 All QuestionsBrowse all questions from this exam

Question 7

Which of the following is an example of a Falcon threat hunting lead?

A routine threat hunt query showing process executions of single letter filename (e.g., a.exe) from temporary directories

Security appliance logs showing potentially bad traffic to an unknown external IP address

A help desk ticket for a user clicking on a link in an email causing their machine to become unresponsive and have high CPU usage

An external report describing a unique 5 character file extension for ransomware encrypted files

Correct Answer: A

A Falcon threat hunting lead typically involves identifying potentially malicious activity by analyzing specific behavioral patterns or indicators within an environment. A query showing process executions of single-letter filenames from temporary directories is indicative of suspicious activities often employed by malware. Hence, this query represents a concrete example of a Falcon threat hunting lead.

Discussion

4 comments

alanalanalanOption: A

Jul 9, 2024

Selected Answer: A

silva222222Option: A

May 4, 2024

The best example of a Falcon threat hunting lead in the context of CrowdStrike is: A. A routine threat hunt query showing process executions of single letter filename (e.g., a.exe) from temporary directories

Tech_AmitOption: B

Apr 20, 2024

I think , it should be B

Tech_AmitOption: A

Apr 20, 2024

I think , it should be A