CrowdStrike Certified Falcon Hunter (CCFH) — Question 31

What part of the Investigate module should you use when you want to write custom queries to analyze, explore, or hunt for suspicious or malicious activity in your environment?

Answer options

• A. Host Search
• B. User Search
• C. Hash Execution Search
• D. Event Search

Correct answer: D

Explanation

The correct answer is D, Event Search, as it allows users to create custom queries to track and analyze events that could indicate malicious activity. The other options, such as Host Search, User Search, and Hash Execution Search, focus on specific data types and do not provide the same level of flexibility for custom queries.