CrowdStrike Certified Falcon Hunter (CCFH) — Question 35

The help desk is reporting an increase in calls related to user accounts being locked out over the last few days. You suspect that this could be an attack by an adversary against your organization. Select the best hunting hypothesis from the following:

Answer options

• A. A zero-day vulnerability is being exploited on a Microsoft Exchange server
• B. A publicly available web application has been hacked and is causing the lockouts
• C. Users are locking their accounts out because they recently changed their passwords
• D. A password guessing attack is being executed against remote access mechanisms such as VPN

Correct answer: D

Explanation

The correct answer is D because an increase in account lockouts often indicates a brute-force or password guessing attack, especially against remote access systems like VPNs. Options A and B suggest external vulnerabilities that do not directly explain the lockouts, while option C is more likely a user error rather than a targeted attack.