Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CrowdStrike Exam CCFH-202 Topic 5 Question 16 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 16
Topic #: 5
[All CCFH-202 Questions]

Where would an analyst find information about shells spawned by root, Kernel Module loads, and wget/curl usage?

Show Suggested Answer Hide Answer
Suggested Answer: B

The Linux Sensor report is where an analyst would find information about shells spawned by root, Kernel Module loads, and wget/curl usage. The Linux Sensor report is a pre-defined report that provides a summary view of selected activities on Linux hosts. It shows information such as process execution events, network connection events, file write events, etc. that occurred on Linux hosts within a specified time range. The Sensor Health report, the Sensor Policy Daily report, and the Mac Sensor report do not provide the same information.


Contribute your Thoughts:

Haley
7 months ago
I see your point, but I still think the Linux Sensor report is the most likely source.
upvoted 0 times
...
Laine
7 months ago
I'm not sure, but I think it could also be in the Mac Sensor report.
upvoted 0 times
...
Ilene
7 months ago
I disagree, I believe the information would be in the Sensor Policy Daily report.
upvoted 0 times
...
Haley
7 months ago
I think an analyst would find that information in the Linux Sensor report.
upvoted 0 times
...
Lachelle
8 months ago
Thanks!
upvoted 0 times
...
Dana
8 months ago
B) Linux Sensor report
upvoted 0 times
...
Lachelle
8 months ago
Where would an analyst find information about shells spawned by root, Kernel Module loads, and wget/curl usage?
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77