Examice

Exam CCFH-202 All QuestionsBrowse all questions from this exam

Go to Exam

Question 38

What topics are presented in the Hunting and Investigation Guide?

Detailed tutorial on writing advanced queries such as sub-searches and joins

Detailed summary of event names, descriptions, and some key data fields for hunting and investigation

Sample hunting queries, select walkthroughs and best practices for hunting with Falcon

Recommended platform configurations and prevention settings to ensure detections are generated for hunting leads

Correct Answer: C

The Hunting and Investigation Guide contains sample hunting queries, select walkthroughs, and best practices for hunting with Falcon. This encompasses practical examples and strategies for identifying threats and anomalies using Falcon's tools and methodologies.

Discussion

alanalanalanOption: C

C. Sample hunting queries, select walkthroughs and best practices for hunting with Falcon The Hunting Guide for Windows teaches you how to hunt for adversaries, suspicious activities, suspicious processes, and vulnerabilities on the Windows platform using Falcon. This guide contains information about how to hunt using Falcon and is tailored specifically towards users running the Falcon sensor on Windows devices. However, a lot of the ideas and concepts also apply to users running the Falcon sensor on Mac or Linux. Depending on the sensor platform, however, the names and descriptions of certain events as well as custom query syntax will vary