CrowdStrike Certified Falcon Hunter (CCFH) — Question 81

When performing a raw event search via the Events search page, what are Event Actions?

Answer options

• A. Event Actions contains an audit information log of actions an analyst took in regards to a specific detection.
• B. Event Actions contains the summary of actions taken by the Falcon sensor such as quarantining a file, prevent a process from executing or taking no actions and creating a detection only.
• C. Event Actions are pivotable workflows including connecting to a host, pre-made event searches and pivots to other investigatory pages such as host search.
• D. Event Actions is the field name that contains the event name defined in the Events Data Dictionary such as ProcessRollup, SyntheticProcessRollup, DNS request, etc.

Correct answer: C

Explanation

The correct answer is C, as Event Actions refer to the pivotable workflows that allow users to connect to hosts and conduct various investigations. Option A describes audit logs, which are not what Event Actions entail. Option B focuses on the actions of the Falcon sensor, and Option D pertains to event names in the dictionary, neither of which capture the essence of Event Actions.