CrowdStrike Certified Falcon Hunter (CCFH) — Question 45
You need details about key data fields and sensor events which you may expect to find from Hosts running the Falcon sensor. Which documentation should you access?
Answer options
- A. Events Data Dictionary
- B. Streaming API Event Dictionary
- C. Hunting and Investigation
- D. Event stream APIs
Correct answer: A
Explanation
The correct choice is A, the Events Data Dictionary, as it specifically provides comprehensive information about key data fields and sensor events related to the Falcon sensor. The other options, while relevant to events or APIs, do not focus specifically on the detailed data fields associated with the Falcon sensor's events.