CrowdStrike Certified Falcon Hunter (CCFH) — Question 53

Where would an analyst find information about shells spawned by root, Kernel Module loads, and wget/curl usage?

Answer options

• A. Sensor Health report
• B. Linux Sensor report
• C. Sensor Policy Daily report
• D. Mac Sensor report

Correct answer: B

Explanation

The correct answer is B, as the Linux Sensor report provides specific insights into system-level activities such as shell spawning by root and Kernel Module loads. The other options do not focus on Linux-specific activities or do not include the detailed analysis required for wget/curl usage.