Curious about Actual CrowdStrike CCFH (CCFH-202) Exam Questions?
Here are sample CrowdStrike Certified Falcon Hunter (CCFH-202) exam questions drawn from the real exam. More CrowdStrike CCFH (CCFH-202) premium practice questions are available at TestInsights.
Which tool allows a threat hunter to populate and colorize all known adversary techniques in a single view?
Correct : D
MITRE ATT&CK Navigator is the tool that lets a threat hunter populate and colorize all known adversary techniques in a single view. It is an open-source web application maintained by MITRE that renders the full ATT&CK matrix and lets you build layers on top of it: each technique cell can be given a score, a color, and a comment, and layers can be filtered by platform, combined with one another, and exported as JSON or as an image. The underlying knowledge base of adversary behaviors, with its links to intelligence and case studies, is the ATT&CK framework itself; Navigator is the visualization layer over it, which is what makes it suitable for showing, for example, which techniques a hunt has covered or which ones a tracked adversary is known to use.
Which of the following is an example of actor actions during the RECONNAISSANCE phase of the Cyber Kill Chain?
Correct : B
Discovering internet-facing servers is an example of adversary activity in the RECONNAISSANCE phase of the Cyber Kill Chain. Reconnaissance is the first of the model's seven phases: the adversary researches the target and identifies hosts, vulnerabilities, and attack vectors before anything is weaponized or delivered. Enumerating a target's internet-facing servers is how the adversary finds candidate entry points into the network.
Which threat framework allows a threat hunter to explore and model specific adversary tactics and techniques, with links to intelligence and case studies?
Correct : A
MITRE ATT&CK is a threat framework that allows a threat hunter to explore and model specific adversary tactics and techniques, with links to intelligence and case studies. It is a knowledge base of adversary behaviors and tactics that covers various platforms, domains, and scenarios. It provides a common language and structure for threat hunters to understand and analyze threats, as well as to share findings and recommendations.
In the MITRE ATT&CK Framework (version 11 - the newest version released in April 2022), which of the following pair of tactics is not in the Enterprise: Windows matrix?
Correct : D
Reconnaissance and Resource Development are the two tactics missing from the Enterprise: Windows matrix in ATT&CK v11. Both are Enterprise tactics: they were added to the Enterprise matrix in ATT&CK v8 (October 2020), when the separate PRE-ATT&CK matrix was retired. However, every technique under them is tagged only with the pseudo-platform PRE, so they appear in the Enterprise: PRE matrix and not in any of the platform-specific matrices such as Windows, which begin at Initial Access and cover what the adversary does once it can reach a system. Persistence, Execution, Impact, Collection, Privilege Escalation, and Initial Access are all tactics that are in the Enterprise: Windows matrix.
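To make the two ATT&CK points above concrete, here is an added Python example (not from the exam page, MITRE, or CrowdStrike) that builds a Navigator layer file from hunting hit counts, populating every technique of a chosen platform and scoring the observed ones so Navigator colors them, and that shows why a Windows platform matrix has no Reconnaissance or Resource Development cells. The technique table is a constructed eight-technique subset of Enterprise v11 with platform lists trimmed to the operating systems; the layer version numbers, the hit counts, and the layer name are assumptions for illustration.

```python
import json

# Constructed subset of ATT&CK Enterprise v11 (not the full dataset).
# technique ID -> (tactic names in Navigator's form, platforms)
# Reconnaissance and Resource Development techniques carry only the "PRE"
# pseudo-platform, so a matrix filtered to Windows has no cells for them.
TECHNIQUES = {
    "T1595": (["reconnaissance"], ["PRE"]),        # Active Scanning
    "T1583": (["resource-development"], ["PRE"]),  # Acquire Infrastructure
    "T1566": (["initial-access"], ["Windows", "macOS", "Linux"]),  # Phishing
    "T1059": (["execution"], ["Windows", "macOS", "Linux"]),  # Command and Scripting Interpreter
    "T1547": (["persistence", "privilege-escalation"],
              ["Windows", "macOS", "Linux"]),  # Boot or Logon Autostart Execution
    "T1003": (["credential-access"], ["Windows", "macOS", "Linux"]),  # OS Credential Dumping
    "T1071": (["command-and-control"], ["Windows", "macOS", "Linux"]),  # Application Layer Protocol
    "T1486": (["impact"], ["Windows", "macOS", "Linux"]),  # Data Encrypted for Impact
}

# Tactic order of the Enterprise matrix, so output ordering is stable.
TACTIC_ORDER = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion", "credential-access",
    "discovery", "lateral-movement", "collection", "command-and-control",
    "exfiltration", "impact",
]


def tactics_for_platform(platform):
    """Tactics that have at least one technique on the given platform."""
    present = set()
    for tactics, platforms in TECHNIQUES.values():
        if platform in platforms:
            present.update(tactics)
    return [t for t in TACTIC_ORDER if t in present]


def build_layer(name, sightings, platform="Windows"):
    """Return a Navigator layer (dict) with every technique of the platform
    populated; observed techniques get score = number of hunting hits.

    sightings: {technique ID: hit count}. Unknown IDs raise instead of being
    dropped, so a typo does not produce a layer that silently shows nothing.
    """
    unknown = sorted(set(sightings) - set(TECHNIQUES))
    if unknown:
        raise ValueError(f"unknown technique IDs: {unknown}")

    cells = []
    for tech_id, (tactics, platforms) in TECHNIQUES.items():
        if platform not in platforms:
            continue
        hits = sightings.get(tech_id, 0)
        for tactic in tactics:  # one cell per tactic the technique sits under
            cells.append({
                "techniqueID": tech_id,
                "tactic": tactic,
                "score": hits,
                "comment": f"{hits} hunting hit(s)" if hits else "",
                "enabled": True,
                "showSubtechniques": False,
            })

    max_score = max([c["score"] for c in cells] + [1])
    return {
        "name": name,
        # assumed version triple; adjust to the Navigator build you upload to
        "versions": {"attack": "11", "navigator": "4.6.1", "layer": "4.3"},
        "domain": "enterprise-attack",
        "description": "Hunting hits per technique (constructed data)",
        "filters": {"platforms": [platform]},
        "sorting": 0,
        "hideDisabled": False,
        "techniques": cells,
        # white -> red gradient: score 0 stays white, the busiest technique is red
        "gradient": {"colors": ["#ffffff", "#ff6666"],
                     "minValue": 0, "maxValue": max_score},
        "legendItems": [],
    }


def to_json(layer):
    """Serialize for Navigator's 'Open Existing Layer' upload."""
    return json.dumps(layer, indent=2)


if __name__ == "__main__":
    # Constructed hunting results for a Windows fleet (assumed counts).
    hits = {"T1059": 12, "T1003": 2, "T1547": 5}
    print(to_json(build_layer("Q2 hunt - Windows", hits)))
    print(tactics_for_platform("Windows"))  # starts at initial-access
    print(tactics_for_platform("PRE"))      # only the two PRE tactics
```

Save the printed JSON to a file and open it in Navigator via Open Existing Layer; with the real dataset you would derive TECHNIQUES from the enterprise-attack STIX bundle rather than hand-typing it, but the filtering and scoring logic stays the same.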
What is the difference between a Host Search and a Host Timeline?
Correct : B
A Host Search and a Host Timeline are both Investigate tools in Falcon that show activity on a single host over a time range; the difference is how the events are presented. A Host Search groups events by category, such as process executions, network connections, and file writes, which makes it the quicker starting point when scoping a detection. A Host Timeline lists every event for the host in chronological order without any categorization, which suits reconstructing an attack sequence step by step. Either can be used for detection investigation or proactive hunting, depending on the use case and preference. A Host Search can be opened from a detection or by entering the host details manually; the Host Timeline fields can likewise be populated manually or from other pages in Falcon.