CrowdStrike Certified Falcon Hunter (CCFH) — Question 21

Which of the following does the Hunting and Investigation Guide contain?

Answer options

• A. A list of all event types and their syntax
• B. A list of all event types specifically used for hunting and their syntax
• C. Example Event Search queries useful for threat hunting
• D. Example Event Search queries useful for Falcon platform configuration

Correct answer: C

Explanation

The correct answer is C because the Hunting and Investigation Guide provides example Event Search queries that are essential for threat hunting activities. Options A and B are incorrect because they focus on event types rather than queries. Option D is also incorrect as it pertains to Falcon platform configuration, which is not the focus of the guide.