CCFH-202 무료 덤프문제 온라인 액세스

How do you rename fields while using transforming commands such as table, chart, and stats?

• A.By renaming the fields with the "rename" command after the transforming command e.g. "stats count by ComputerName | rename count AS total_count"
• B.By specifying the desired name after the field name eg "stats count totalcount by ComputerName"
• C.You cannot rename fields as it would affect sub-queries and statistical analysis
• D.By using the "renamed" keyword after the field name eg "stats count renamed totalcount by ComputerName"

What do you click to jump to a Process Timeline from many pages in Falcon, such as a Hash Search?

• A.Process ID or Parent Process ID
• B.PID
• C.Process Timeline Link
• D.CID

When performing a raw event search via the Events search page, what are Event Actions?

• A.Event Actions is the field name that contains the event name defined in the Events Data Dictionary such as ProcessRollup, SyntheticProcessRollup, DNS request, etc
• B.Event Actions contains an audit information log of actions an analyst took in regards to a specific detection
• C.Event Actions contains the summary of actions taken by the Falcon sensor such as quarantining a file, prevent a process from executing or taking no actions and creating a detection only
• D.Event Actions are pivotable workflows including connecting to a host, pre-made event searches and pivots to other investigatory pages such as host search

Which pre-defined reports offer information surrounding activities that typically indicate suspicious activity occurring on a system?

• A.Timeline reports
• B.Hunt reports
• C.Scheduled searches
• D.Sensor reports

You would like to search for ANY process execution that used a file stored in the Recycle Bin on a Windows host. Select the option to complete the following EAM query.

• A.*$Recycle Bin*
• B.^$Recycle Bin*
• C.^$Recycle.Bin%^
• D.*$Recycle Bin^