CrowdStrike Certified Falcon Hunter (CCFH) — Question 73
Your organization's next-gen firewall has detected evidence of DNS beaconing occurring from an internal source. The firewall provides you with the beaconing host's internal (private) IP address.
In an IP search, which field would you leverage to identify the hostname based on this indicator?
Answer options
- A. Destination IP
- B. Bulk Host Audit
- C. External IP
- D. Source IP
Correct answer: D
Explanation
The correct answer is D, Source IP. This field contains the IP address of the device that initiated the DNS queries, so searching on it lets you find the associated hostname. The other options do not refer to the originating device's IP address, so they are unsuitable for identifying the hostname of the internal source of the beaconing.