Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CrowdStrike Exam CCFH-202 Topic 6 Question 17 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 17
Topic #: 6
[All CCFH-202 Questions]

The help desk is reporting an increase in calls related to user accounts being locked out over the last few days. You suspect that this could be an attack by an adversary against your organization. Select the best hunting hypothesis from the following:

Show Suggested Answer Hide Answer
Suggested Answer: C

The Hunting and Investigation guide contains example Event Search queries useful for threat hunting. These queries are based on common threat hunting use cases and scenarios, such as finding suspicious processes, network connections, registry activity, etc. The guide also explains how to customize and modify the queries to suit different needs and environments. The guide does not contain a list of all event types and their syntax, as that information is provided in the Events Data Dictionary. The guide also does not contain example Event Search queries useful for Falcon platform configuration, as that is not the focus of the guide.


by Lettie at May 02, 2024, 02:52 PM

Limited Time Offer

25%

Off

Get Premium CCFH-202 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Barb
28 days ago
A password guessing attack? Sounds like someone's trying to brute-force their way in. D is the way to go, for sure.
upvoted 0 times
...
Gilbert
29 days ago
Haha, I bet it's the users locking themselves out. Classic IT support scenario right there. But seriously, I'm going with D as well.
upvoted 0 times
Beckie
5 days ago
We should investigate the remote access mechanisms for any suspicious activity.
upvoted 0 times
...
Karol
10 days ago
I think it's more likely a password guessing attack is happening.
upvoted 0 times
...
Janessa
14 days ago
I agree, users forgetting their passwords is a common issue.
upvoted 0 times
...
...
Leontine
1 months ago
I don't think it's C. Users forgetting their new passwords shouldn't cause a sudden increase in lockouts. D sounds like the best bet to me.
upvoted 0 times
Lourdes
3 days ago
Let's also check for any unusual activity on our VPN logs to confirm if this hypothesis is correct.
upvoted 0 times
...
Slyvia
6 days ago
We should investigate further to see if there are any signs of a password guessing attack on our remote access mechanisms.
upvoted 0 times
...
Derick
8 days ago
I agree, D does seem like a plausible explanation for the increase in account lockouts.
upvoted 0 times
...
...
Emilio
2 months ago
Hmm, I'm not sure. Could it be a zero-day vulnerability in the Exchange server? That seems like a plausible attack vector.
upvoted 0 times
Dorothy
4 days ago
User 3: I think we should investigate both possibilities to be safe.
upvoted 0 times
...
Dean
6 days ago
User 2: Maybe, but it could also be a password guessing attack on the VPN.
upvoted 0 times
...
Salena
17 days ago
User 1: It's possible that a zero-day vulnerability is being exploited on the Exchange server.
upvoted 0 times
...
Huey
18 days ago
User 3: Maybe we should investigate further to confirm if that's the case.
upvoted 0 times
...
Sheridan
29 days ago
User 2: That's a good point. It's definitely a possibility.
upvoted 0 times
...
Cristina
1 months ago
User 1: I think it could be a zero-day vulnerability on the Exchange server.
upvoted 0 times
...
...
Krissy
2 months ago
I think the answer is D. A password guessing attack on remote access mechanisms like VPN is the most likely cause of the account lockouts.
upvoted 0 times
...
Marti
2 months ago
I'm not sure, but B) A publicly available web application being hacked could also be a possibility. We should investigate both scenarios.
upvoted 0 times
...
Elza
2 months ago
I agree with Lakeesha, it makes sense that someone is trying to guess passwords to gain unauthorized access.
upvoted 0 times
...
Lakeesha
2 months ago
I think the best hunting hypothesis is D) A password guessing attack is being executed against remote access mechanisms such as VPN.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77