CrowdStrike Certified Falcon Hunter (CCFH) — Question 49
Which document provides information on best practices for writing Splunk-based hunting queries, predefined queries which may be customized to hunt for suspicious network connections, and predefined queries which may be customized to hunt for suspicious processes?
Answer options
- A. Real Time Response and Network Containment
- B. Hunting and Investigation
- C. Events Data Dictionary
- D. Incident and Detection Monitoring
Correct answer: B
Explanation
The correct answer is B: the 'Hunting and Investigation' document covers best practices for writing Splunk-based hunting queries and supplies predefined, customizable queries for hunting suspicious network connections and suspicious processes. The other documents either do not focus on Splunk hunting queries or do not provide the specific query content needed for hunting network connections and processes.