CrowdStrike Certified Falcon Hunter (CCFH) — Question 15

What is the difference between a Host Search and a Host Timeline?

Answer options

• A. Host Search is used for detection investigation and Host Timeline is used for proactive hunting
• B. A Host Search organizes the data in useful event categories like process executions and network connections; a Host Timeline provides an uncategorized view of recorded events in chronological order
• C. You access a Host Search from a detection to show you every recorded process event related to the detection and you can only populate the Host Timeline fields manually
• D. There is no difference. You just get to them different ways

Correct answer: B

Explanation

The correct answer is B because it accurately describes how a Host Search organizes data into categories while a Host Timeline displays events in chronological order without categorization. Other options either misrepresent the functions of the two tools or incorrectly state that there is no difference.