CrowdStrike Certified Falcon Hunter v1.0

Page:    1 / 6   
Exam contains 91 questions

Which threat framework allows a threat hunter to explore and model specific adversary tactics and techniques, with links to intelligence and case studies?

  • A. MITRE ATT&CK
  • B. Lockheed Martin Cyber Kill Chain
  • C. Director of National Intelligence Cyber Threat Framework
  • D. NIST 800-171 Cyber Threat Framework


Answer : A

In the MITRE ATT&CK Framework (version 11, the newest version, released in April 2022), which of the following pairs of tactics is not in the Enterprise: Windows matrix?

  • A. Persistence and Execution
  • B. Impact and Collection
  • C. Privilege Escalation and Initial Access
  • D. Reconnaissance and Resource Development


Answer : B

In which of the following stages of the Cyber Kill Chain does the actor not interact with the victim endpoint(s)?

  • A. Exploitation
  • B. Weaponization
  • C. Command & control
  • D. Installation


Answer : B

What information is provided from the MITRE ATT&CK framework in a detection's Execution Details?

  • A. Grouping Tag
  • B. Command Line
  • C. Technique ID
  • D. Triggering Indicator


Answer : C

You need details about key data fields and sensor events which you may expect to find from Hosts running the Falcon sensor. Which documentation should you access?

  • A. Events Data Dictionary
  • B. Streaming API Event Dictionary
  • C. Hunting and Investigation
  • D. Event stream APIs


Answer : A

The Events Data Dictionary found in the Falcon documentation is useful for writing hunting queries because:

  • A. It provides pre-defined queries you can customize to meet your specific threat hunting needs
  • B. It provides a list of all the detect names and descriptions found in the Falcon Cloud
  • C. It provides a reference of information about the events found in the Investigate > Event Search page of the Falcon Console
  • D. It provides a list of compatible Splunk commands used to query event data


Answer : C

Which Falcon documentation guide should you reference to hunt for anomalies related to scheduled tasks and other Windows related artifacts?

  • A. Hunting and Investigation
  • B. Customizable Dashboards
  • C. MITRE-Based-Falcon Detections Framework
  • D. Events Data Dictionary


Answer : A

What topics are presented in the Hunting and Investigation Guide?

  • A. Detailed tutorial on writing advanced queries such as sub-searches and joins
  • B. Detailed summary of event names, descriptions, and some key data fields for hunting and investigation
  • C. Sample hunting queries, select walkthroughs and best practices for hunting with Falcon
  • D. Recommended platform configurations and prevention settings to ensure detections are generated for hunting leads


Answer : C

Which of the following does the Hunting and Investigation Guide contain?

  • A. A list of all event types and their syntax
  • B. A list of all event types specifically used for hunting and their syntax
  • C. Example Event Search queries useful for threat hunting
  • D. Example Event Search queries useful for Falcon platform configuration


Answer : C

Which document provides information on best practices for writing Splunk-based hunting queries, predefined queries which may be customized to hunt for suspicious network connections, and predefined queries which may be customized to hunt for suspicious processes?

  • A. Real Time Response and Network Containment
  • B. Hunting and Investigation
  • C. Events Data Dictionary
  • D. Incident and Detection Monitoring


Answer : B

What is the main purpose of the Mac Sensor report?

  • A. To identify endpoints that are in Reduced Functionality Mode
  • B. To provide a summary view of selected activities on Mac hosts
  • C. To provide vulnerability assessment for Mac Operating Systems
  • D. To provide a dashboard for Mac related detections


Answer : B

Where would an analyst find information about shells spawned by root, Kernel Module loads, and wget/curl usage?

  • A. Sensor Health report
  • B. Linux Sensor report
  • C. Sensor Policy Daily report
  • D. Mac Sensor report


Answer : B

Which of the following best describes the purpose of the Mac Sensor report?

  • A. The Mac Sensor report displays a listing of all Mac hosts without a Falcon sensor installed
  • B. The Mac Sensor report provides a detection focused view of known malicious activities occurring on Mac hosts, including machine-learning and indicator-based detections
  • C. The Mac Sensor report displays a listing of all Mac hosts with a Falcon sensor installed
  • D. The Mac Sensor report provides a comprehensive view of activities occurring on Mac hosts, including items of interest that may be hunting or investigation leads


Answer : B

In the PowerShell Hunt report, what does the “score” signify?

  • A. Number of hosts that ran the PowerShell script
  • B. How recently the PowerShell script executed
  • C. Maliciousness score determined by NGAV
  • D. A cumulative score of the various potential command line switches


Answer : C

In the PowerShell Hunt report, what does the filtering condition CommandLine!="*badstring*" do?

  • A. Prevents command lines containing “badstring” from being displayed
  • B. Displays only the command lines containing “badstring”
  • C. Highlights “badstring” in all command lines in the output
  • D. Highlights only the command lines containing “badstring”


Answer : A
