CrowdStrike Certified Falcon Hunter (CCFH) — Question 55

What Investigate tool would you use to allow an analyst to view all events for a specific host?

Answer options

• A. Bulk Timeline
• B. Host Search
• C. Host Timeline
• D. Process Timeline

Correct answer: C

Explanation

The correct answer, Host Timeline, provides a comprehensive view of all the events associated with a specific host, making it essential for thorough analysis. While Bulk Timeline allows for broader event viewing across multiple hosts, Host Search focuses on finding specific hosts without detailing their events, and Process Timeline is centered around individual processes rather than the host as a whole.