Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CrowdStrike Exam CCFH-202 Topic 9 Question 20 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 20
Topic #: 9
[All CCFH-202 Questions]

What kind of activity does a User Search help you investigate?

Show Suggested Answer Hide Answer
Suggested Answer: B

User Search is an Investigate tool that helps you investigate a list of process activity executed by the specified user account. It shows information such as process name, command line, parent process name, parent command line, etc. for each process that was executed by the user account on any host in your environment. It does not show a history of Falcon UI logon activity, a count of failed user logon activity, or a list of DNS queries by the specified user account.


Contribute your Thoughts:

Dacia
5 months ago
Definitely not option A - that's login history, not user activity. Gotta be one of the other choices, but which one...?
upvoted 0 times
...
Leontine
5 months ago
A count of failed logins could be useful, but I don't think that's the main purpose of the User Search. I'm leaning towards option D.
upvoted 0 times
Kristofer
4 months ago
I think option B could also be helpful in understanding the process activity of the user account.
upvoted 0 times
...
Rossana
5 months ago
I agree, option D seems like the most relevant for investigating user activity.
upvoted 0 times
...
...
Willis
6 months ago
Hmm, I'm not sure if the User Search would give you a list of processes. That sounds more like something you'd get from a process or event log.
upvoted 0 times
Lillian
5 months ago
B) A list of process activity executed by the specified user account
upvoted 0 times
...
Casie
5 months ago
A) A history of Falcon Ul logon activity
upvoted 0 times
...
...
Margurite
6 months ago
I agree with Lili, because it can provide valuable information about what actions were taken by a specific user.
upvoted 0 times
...
Wilford
6 months ago
The User Search seems to be more about user activity, not login history. I'd go with option B.
upvoted 0 times
Effie
5 months ago
I think option A could also be useful to track the history of Falcon Ul logon activity.
upvoted 0 times
...
Malcom
5 months ago
I agree, option B seems to be the most relevant for investigating user activity.
upvoted 0 times
...
Dorsey
5 months ago
I think option A could also be useful, but option B is definitely more focused on user activity.
upvoted 0 times
...
Pura
6 months ago
I agree, option B seems to be the most relevant for investigating user activity.
upvoted 0 times
...
Vivan
6 months ago
I see your point, option B does seem to focus more on the process activity executed by the user account.
upvoted 0 times
...
Isidra
6 months ago
I think option A could also be useful to track the history of Falcon Ul logon activity.
upvoted 0 times
...
Vanesa
6 months ago
I agree, option B seems to be the most relevant for investigating user activity.
upvoted 0 times
...
...
Lili
6 months ago
I think a User Search helps investigate B) A list of process activity executed by the specified user account.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77