CrowdStrike Certified Falcon Hunter (CCFH) — Question 24

When exporting the results of the following event search, what data is saved in the exported file (assuming Verbose Mode)? event_simpleName=*Written | stats count by ComputerName

Answer options

• A. The text of the query
• B. The results of the Statistics tab
• C. No data. Results can only be exported when the “table” command is used
• D. All events in the Events tab

Correct answer: B

Explanation

The correct answer is B because when using the 'stats' command, the results that are generated are summarized statistics, which are what gets exported. Option A is incorrect as the query text itself is not part of the export, option C is wrong since statistics can be exported, and option D is not applicable because only the summarized results, not all events, are exported.