CrowdStrike Falcon Hunter Certification Exam Syllabus

The CrowdStrike CCFH-202b exam preparation guide is designed to provide candidates with the necessary information about the Falcon Hunter exam. It includes an exam summary, sample questions, a practice test, the exam objectives and guidance on interpreting those objectives, so that candidates can assess the types of questions that may be asked during the CrowdStrike Certified Falcon Hunter (CCFH) exam.

All candidates are advised to refer to the CCFH-202b objectives and sample questions provided in this preparation guide. The CrowdStrike CCFH certification is mainly targeted at candidates who want to build their career in the Falcon Platform domain and demonstrate their expertise. We suggest using the practice exam listed in this cert guide to become familiar with the exam environment and to identify the knowledge areas where you need more work before taking the actual CrowdStrike Falcon Hunter exam.

CrowdStrike CCFH-202b Exam Summary:

Exam Name                     CrowdStrike Falcon Hunter
Exam Code                     CCFH-202b
Exam Price                    $250 USD
Duration                      90 minutes
Number of Questions           60
Passing Score                 80%
Recommended Training / Books  CCFH Training
Schedule Exam                 PEARSON VUE
Sample Questions              CrowdStrike CCFH-202b Sample Questions
Recommended Practice          CrowdStrike Certified Falcon Hunter (CCFH) Practice Test

CrowdStrike Falcon Hunter Syllabus:

Section: ATT&CK Frameworks
- Demonstrate knowledge of the cyber kill chain (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, covering tracks) and recognize intelligence gaps
- Utilize the MITRE ATT&CK Framework to model threat actor behaviors
- Operationalize the MITRE ATT&CK Framework to research threat models, TTPs and threat actors, pivot as necessary, and convey findings to non-technical audiences

Section: Detection Analysis
- Analyze information displayed in the Host Timeline to understand host states and events
- Analyze the information displayed in the Process Timeline to understand the flow of events and detections
- Pivot from the detection page to additional investigative tools

Section: Search and Investigation Tools
- Analyze and interpret metadata around files and processes recorded by Falcon
- Differentiate the use of the Investigate Module tools available in Falcon
- Understand use cases for the various search options (e.g., User Search, Host Search, Hash Search, IP Addresses Search, Bulk Domain Search)
- Interpret search result information displayed in dashboards to determine additional investigation or action

Section: Event Search
- Define the key syntax of CrowdStrike Query Language (CQL)
- Build a query and perform a search using CQL
- Format event data for user readability, export or charting
- Filter event data and analyze results
- Describe the process relationship (Target/Parent/Context)
- Define key event data types
- Convert and format Unix times to human-readable UTC time
- Create a custom dashboard to display Advanced Event Search results

Section: Reports and References
- Use the built-in Hunt reports to refine event details
- Use the built-in Visibility reports to refine event details
- Leverage the Events Full Reference documentation to learn about specific events

Section: Hunting Analytics
- Analyze and recognize suspicious or overtly malicious behaviors
- Understand target systems (asset inventory and who would target those assets)
- Evaluate information for reliability, validity and relevance for use in the process of elimination
- Identify alternative analytical interpretations to minimize and reduce false positives
- Decode and understand PowerShell/CMD activity
- Recognize patterns such as an enterprise-wide file infection process to determine the root cause or source of the infection
- Differentiate testing, DevOps or general user activity from adversary behavior
- Identify the vulnerability exploited from an initial attack vector

Section: Hunting Methodology
- Conduct routine active hunt operations within your environment to determine whether it has been breached
- Perform outlier analysis with the Falcon tool
- Generate hypotheses and hunting leads, and prove or disprove them using Falcon tools
- Construct simple and complex EAM queries in Falcon
- Investigate a process tree
