CrowdStrike Certified Falcon Hunter (CCFH) — Question 6

How would you find a list of executables running from the Recycle Bin across your environment?

Answer options

• A. Executables running from Recycle Bin hunt report
• B. The only way to get this information is to copy the query from the Hunting Guide and search in Event Search
• C. There is no need for this report as it would always cause a detection in Falcon
• D. Processes can't run from the Recycle Bin

Correct answer: A

Explanation

The correct answer is A because the hunt report specifically focuses on identifying executables running from the Recycle Bin. Option B is incorrect as it suggests an alternative method that is not necessary when the report exists. Option C is misleading since the report can provide valuable insights despite potential detections, and option D is false because processes can indeed run from the Recycle Bin under certain circumstances.