CrowdStrike Certified Falcon Hunter (CCFH) — Question 68

Which document in the Support and Resources section will help you write queries by providing prebuilt examples that you could modify? One such example shows execution of common reconnaissance tools.

Answer options

• A. Streaming API Reference
• B. Events Data Dictionary
• C. Query API Reference
• D. Hunting and Investigation

Correct answer: D

Explanation

The correct answer is D, as the Hunting and Investigation document provides prebuilt query examples specifically tailored for modifying in reconnaissance contexts. The other options focus on different areas: A pertains to APIs for data streaming, B covers event data structures, and C is about the Query API, none of which emphasize prebuilt query examples for modification.