CrowdStrike Certified Falcon Hunter (CCFH) — Question 22

Which of the following Event Search queries would only find the DNS lookups to the domain: www.randomdomain.com?

Answer options

• A. event_simpleName=DnsRequest DomainName=www.randomdomain.com
• B. event_simpleName=DnsRequest DomainName=randomdomain.com ComputerName=localhost
• C. Dns=randomdomain.com
• D. ComputerName=localhost DnsRequest “randomdomain.com”

Correct answer: A

Explanation

Option A is correct because it specifically targets DNS requests for the exact domain www.randomdomain.com. The other options either include additional criteria that could lead to unrelated results or do not specify the complete domain name, thus not ensuring the focus on the intended domain.