What do you click to jump to a Process Timeline from many pages in Falcon, such as a Hash Search?
A. Process Timeline Link
B. Process ID or Parent Process ID
C. CID
D. PID
Correct answer: A
Question 2:
You are reviewing a list of domains recently banned by your organization's acceptable use policy. In particular, you are looking for the number of hosts that have visited each domain. Which tool should you use in Falcon?
A. Bulk Domain Search
B. Allowed Domain Summary Report
C. Create a custom alert for each domain
D. IP Addresses Search
Correct answer: A
Question 3:
Which pre-defined reports offer information surrounding activities that typically indicate suspicious activity occurring on a system?
A. Timeline reports
B. Sensor reports
C. Scheduled searches
D. Hunt reports
Correct answer: D
Question 4:
How do you rename fields while using transforming commands such as table, chart, and stats?
A. By specifying the desired name after the field name, e.g. "stats count totalcount by ComputerName"
B. By using the "renamed" keyword after the field name, e.g. "stats count renamed totalcount by ComputerName"
C. You cannot rename fields as it would affect sub-queries and statistical analysis
D. By renaming the fields with the "rename" command after the transforming command e.g. "stats count by ComputerName | rename count AS total_count"
Correct answer: D
Question 5:
Which of the following is a recommended technique to find unique outliers among a set of data in the Falcon Event Search?
A. Time-based Searching
B. Machine Learning
C. Hunt-and-Peck Search Methodology
D. Stacking (Frequency Analysis)
Correct answer: D
Question 6:
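Stacking means counting how often each value of a field occurs across the data set and reading the list from the rare end: the common values are the baseline, the values seen once or on a single host are the outliers worth a closer look. In Falcon Event Search the idiom is `... | stats count by <field> | sort count`. The following is an added example, not code from the original page or from CrowdStrike; it reproduces the technique in plain Python over a constructed list of process events (hostnames, process names and hash prefixes are all made up) so the ranking can be run offline. It generalises slightly beyond the question by stacking on a composite key (parent/child pair) as well as a single field, and by counting distinct hosts in addition to raw events.

```python
from collections import Counter, defaultdict

# Constructed sample data (not real telemetry):
# (hostname, parent_process, child_process, sha256_prefix)
EVENTS = [
    ("WS-01", "explorer.exe", "chrome.exe", "aaaa"),
    ("WS-02", "explorer.exe", "chrome.exe", "aaaa"),
    ("WS-03", "explorer.exe", "chrome.exe", "aaaa"),
    ("WS-04", "explorer.exe", "chrome.exe", "aaaa"),
    ("WS-01", "explorer.exe", "outlook.exe", "bbbb"),
    ("WS-02", "explorer.exe", "outlook.exe", "bbbb"),
    ("WS-03", "explorer.exe", "outlook.exe", "bbbb"),
    ("WS-01", "services.exe", "svchost.exe", "cccc"),
    ("WS-02", "services.exe", "svchost.exe", "cccc"),
    ("WS-03", "services.exe", "svchost.exe", "cccc"),
    ("WS-04", "services.exe", "svchost.exe", "cccc"),
    # One Office process spawning PowerShell on one host: the long-tail entry.
    ("WS-02", "winword.exe", "powershell.exe", "dddd"),
]


def stack(events, key):
    """Frequency-stack `events` on the value returned by `key(event)`.

    Returns a list of (value, event_count, distinct_host_count) tuples
    sorted rarest first, which is the equivalent of
    `stats count by <field> | sort count` in Event Search.
    """
    counts = Counter()
    hosts = defaultdict(set)
    for ev in events:
        k = key(ev)
        counts[k] += 1
        hosts[k].add(ev[0])          # ev[0] is the hostname
    rows = [(k, counts[k], len(hosts[k])) for k in counts]
    # Sort by event count, then host count, then the value itself so the
    # ordering is deterministic when counts tie.
    return sorted(rows, key=lambda r: (r[1], r[2], str(r[0])))


def outliers(events, key, max_hosts=1):
    """Keep only stacked values seen on at most `max_hosts` hosts."""
    return [row for row in stack(events, key) if row[2] <= max_hosts]


# Two keys worth stacking on: the parent/child pair and the file hash.
by_pair = lambda ev: (ev[1], ev[2])
by_hash = lambda ev: ev[3]

if __name__ == "__main__":
    for label, key in (("parent/child", by_pair), ("hash", by_hash)):
        print(f"--- stacked by {label} (rarest first) ---")
        for value, n_events, n_hosts in stack(EVENTS, key):
            print(f"{n_events:>3} events  {n_hosts:>2} hosts  {value}")
        print("outliers:", [row[0] for row in outliers(EVENTS, key)])
```

Read the output bottom-up for the baseline and top-down for the leads: with these constructed events `winword.exe -> powershell.exe` is the only pair seen on a single host, and hash `dddd` is the only hash seen once. The distinct-host count matters because a noisy process on one machine can inflate the raw event count without being widespread.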
What information is provided from the MITRE ATT&CK framework in a detection's Execution Details?
A. Command Line
B. Grouping Tag
C. Triggering Indicator
D. Technique ID
Correct answer: D
いち -
I bought the question set and tried it; it really was usable, and I passed the actual exam without any trouble. Quietly impressive. I passed the exam with a high score.