Examice

Exam CCFR-201 All QuestionsBrowse all questions from this exam

Question 54

What does pivoting to an Event Search from a detection do?

It gives you the ability to search for similar events on other endpoints quickly

It takes you to the raw Insight event data and provides you with a number of Event Actions

It takes you to a Process Timeline for that detection so you can see all related events

It allows you to input an event type, such as DNS Request or ASEP write, and search for those events within the detection

Correct Answer: B

Pivoting to an Event Search from a detection takes you to the raw Insight event data and provides you with a number of Event Actions. This allows for a detailed investigation by accessing the basic event data and performing various event-specific actions to examine the detection further.

Discussion

sbag0024Option: B

The answer is B. When you click on Full Detection data and then the 3 dots, you can pivot to Event Seach where you land on the raw data info where you can select "Event Actions" which there are a number of them to select. Going with B

alanalanalanOption: B

Answer agree with B

jdilliwayOption: B

Agreed with sbag0024. The correct answer is 'B'. When investigating a detection, there will be a magnifying glass icon. Hovering and selecting 'Event Search' will open the Splunk equivalent search engine, exposing all of the raw data from the 'aid' and 'treeIdDecimal'.

wildbandanaOption: D

right one is D

jdilliway

You're wrong. It's B.