CrowdStrike Certified Falcon Hunter (CCFH) — Question 7

You initiate a search with the following query:

event_simpleName=UserLogon | table _time ComputerName UserName

What results will display?

Answer options

• A. Machine-readable event host time, host name, user name
• B. Human-readable event host time, host name, user name
• C. Machine-readable event cloud time, host name, user name
• D. Human-readable event cloud time, host name, user name

Correct answer: B

Explanation

The correct answer is B because the command formats the output in a human-readable table, displaying the specified fields. Options A and C suggest machine-readable formats, which do not apply here, while option D incorrectly implies that the output relates to cloud time instead of the specified event time.