CrowdStrike Exam CCFH-202 Topic 2 Question 21 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam

Question #: 21
Topic #: 2

[All CCFH-202 Questions]

Where would an analyst find information about shells spawned by root, Kernel Module loads, and wget/curl usage?

ASensor Health report

BLinux Sensor report

CSensor Policy Daily report

DMac Sensor report

Show Suggested Answer

Suggested Answer: B

The Linux Sensor report is where an analyst would find information about shells spawned by root, Kernel Module loads, and wget/curl usage. The Linux Sensor report is a pre-defined report that provides a summary view of selected activities on Linux hosts. It shows information such as process execution events, network connection events, file write events, etc. that occurred on Linux hosts within a specified time range. The Sensor Health report, the Sensor Policy Daily report, and the Mac Sensor report do not provide the same information.

by Felix at Jun 21, 2024, 10:58 PM

Limited Time Offer

25%

Off

Get Premium CCFH-202 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ettie

5 months ago

Definitely B) Linux Sensor report. That's where all the juicy Linux-specific details are. Who needs a Sensor Health report when you've got the Linux Sensor?

upvoted 0 times

...

Theodora

5 months ago

Haha, D) Mac Sensor report? Really? As if a Mac would ever spawn a root shell. B) Linux Sensor report is the obvious choice here.

upvoted 0 times

Clay

3 months ago

I agree, B) Linux Sensor report is the most relevant choice for that kind of data.

upvoted 0 times

...

Jamal

3 months ago

Yeah, definitely not D) Mac Sensor report. Linux Sensor report is the way to go.

upvoted 0 times

...

Carmen

3 months ago

B) Linux Sensor report would be the best option for that information.

upvoted 0 times

...

Anglea

3 months ago

C) Sensor Policy Daily report

upvoted 0 times

...

Lonny

4 months ago

B) Linux Sensor report

upvoted 0 times

...

Tarra

4 months ago

A) Sensor Health report

upvoted 0 times

...

Shawna

5 months ago

C'mon, it's gotta be B) Linux Sensor report. I mean, what else would it be? The Mac Sensor report?

upvoted 0 times

Zita

4 months ago

Yeah, the Linux Sensor report is definitely where you would find that information.

upvoted 0 times

...

Hermila

4 months ago

I think you're right, it has to be B) Linux Sensor report.

upvoted 0 times

...

Lasandra

5 months ago

Definitely B) Linux Sensor report. That's the go-to place for all things related to the Linux operating system.

upvoted 0 times

Devon

4 months ago

It's important to regularly review the Linux Sensor report for any anomalies.

upvoted 0 times

...

Mauricio

4 months ago

The Linux Sensor report is a valuable resource for analyzing system behavior.

upvoted 0 times

...

Vi

4 months ago

I always check the Linux Sensor report for any suspicious activity.

upvoted 0 times

...

Rene

5 months ago

I agree, the Linux Sensor report is the best place to find that information.

upvoted 0 times

...

Dorothy

5 months ago

I think the answer is B) Linux Sensor report. That's where I'd expect to find information about shell activities and network tool usage.

upvoted 0 times

Dorthy

4 months ago

Yes, the Linux Sensor report is the right place to look for those details.

upvoted 0 times

...

Refugia

5 months ago

I agree, the Linux Sensor report would have that information.

upvoted 0 times

...

Mee

5 months ago

I think it's definitely not in the Mac Sensor report, so I would go with the Linux Sensor report as well.

upvoted 0 times

...

Kimbery

5 months ago

I'm not sure, but I think it could also be in the Sensor Policy Daily report.

upvoted 0 times

...

Jess

6 months ago

I agree with Leota, the Linux Sensor report makes the most sense for that kind of information.

upvoted 0 times

...

Leota

6 months ago

I think the analyst would find that information in the Linux Sensor report.

upvoted 0 times

...