Examice

Exam CCFH-202 All QuestionsBrowse all questions from this exam

Question 44

What is the difference between a Host Search and a Host Timeline?

Host Search is used for detection investigation and Host Timeline is used for proactive hunting

A Host Search organizes the data in useful event categories like process executions and network connections; a Host Timeline provides an uncategorized view of recorded events in chronological order

You access a Host Search from a detection to show you every recorded process event related to the detection and you can only populate the Host Timeline fields manually

There is no difference. You just get to them different ways

Correct Answer: B

A Host Search organizes the data in useful event categories like process executions and network connections. This allows for efficient investigation and filtering based on specific types of events related to a search criterion. On the other hand, a Host Timeline provides an uncategorized view of recorded events in chronological order, which is beneficial for understanding the sequence of activities on a host without the need to manually categorize the events.

Discussion

examtopics3000Option: B

I think B

Pipo12345Option: B

B is correct.

ChiquitabanditaOption: B

A Host Search allows you to organize and filter data based on specific event categories, making it easier to investigate and identify specific events related to your search criteria. A Host Timeline provides a chronological view of recorded events without categorization, allowing you to see all events in the order they occurred, which can be useful for understanding the sequence of activities on a host.