CrowdStrike Exam CCFH-202 Topic 2 Question 37 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam

Question #: 37
Topic #: 2

Which of the following is the proper method to quantify search results, enabling a hunter to quickly sort and identify outliers?

AUsing the '| stats count by' command at the end of a search string in Event Search

BUsing the '|stats count' command at the end of a search string in Event Search

CUsing the '|eval' command at the end of a search string in Event Search

DExporting Event Search results to a spreadsheet and aggregating the results

Show Suggested Answer

Suggested Answer: B

The Linux Sensor report is where an analyst would find information about shells spawned by root, Kernel Module loads, and wget/curl usage. The Linux Sensor report is a pre-defined report that provides a summary view of selected activities on Linux hosts. It shows information such as process execution events, network connection events, file write events, etc. that occurred on Linux hosts within a specified time range. The Sensor Health report, the Sensor Policy Daily report, and the Mac Sensor report do not provide the same information.

by Wilbert at Jan 25, 2025, 02:15 AM

Limited Time Offer

25%

Off

Get Premium CCFH-202 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Youlanda

Option D sounds tempting, but exporting to a spreadsheet is just too much work. I'll stick with option B - the '|stats count' command is quick and easy.

upvoted 0 times

...