1. Home
  2. CrowdStrike
  3. CCFH-202b Exam Syllabus

CrowdStrike CCFH-202b Exam Syllabus

Start Free CCFH-202b Exam Practice After Reviewing the Topics

Before starting your CCFH-202b exam preparation, it is recommended to review the complete CrowdStrike Certified Falcon Hunter exam syllabus and carefully go through the exam objectives listed below. Once you understand the exam structure and objectives, you should practice using our free CCFH-202b questions. We also provide premium CCFH-202b practice test, fully updated according to the latest exam objectives, to help you accurately assess your preparedness for the actual exam.

CrowdStrike
Vendor
CCFH-202b
Exam Code
60
Total Questions
7
Total Exam Domains

START FREE CCFH-202b EXAM PRACTICE

NO SIGNUP REQUIRED  •  100% FREE TO START

CCFH-202b EXAM QUESTIONS

CrowdStrike CCFH-202b Exam Objectives

Section 1: ATT&CK Frameworks
Weight:
-
  • 1.1 Demonstrate knowledge of the cyber kill chain (e.g., reconnaissance, scanning, enumeration,gaining access, escalation of privileges, maintaining access, covering tracks) and recognize intelligence gaps
  • 1.2 Utilize the MITRE ATT&CK Framework to model threat actor behaviors
  • 1.3 Operationalize the MITRE ATT&CK Framework to look for research threat models, TTPs and threat actors, and pivot as necessary and convey to non-technical audiences
Section 2: Detection Analysis
Weight:
-
  • 2.1 Analyze information displayed in the Host Timeline to understand host states and events
  • 2.2 Analyze the information displayed in the Process Timeline to understand the flow of events and detections
  • 2.3 Pivot from the detection page to additional investigative tools
Section 3: Search and Investigation Tools
Weight:
-
  • 3.1 Analyze and interpret metadata around files and processes recorded by Falcon
  • 3.2 Differentiate use of Investigate Module tools available in Falcon
  • 3.3 Understand use cases for various search options (e.g., User Search, Host Search, Hash Search, IP Addresses Search, Bulk Domain Search)
  • 3.4 Interpret search result information displayed in dashboards to determine additional investigation or action
Section 4: Event Search
Weight:
-
  • 4.1 Define key syntax of CrowdStrike Query Language (CQL)
  • 4.2 Build a query and perform a search using CQL
  • 4.3 Format event data for user readability, export or charting
  • 4.4 Filter event data and analyze results
  • 4.5 Describe the process relationship of (Target/Parent/Context)
  • 4.6 Define key data event types
  • 4.7 Convert and format Unix times to UTC readable time
  • 4.8 Create a custom dashboard to display Advanced Event Search results
Section 5: Reports and References
Weight:
-
  • 5.1 Use the built-in Hunt reports to refine event details
  • 5.2 Use the built-in Visibility reports to refine event details
  • 5.3 Leverage the Events Full Reference documentation to learn information about specific events
Section 6: Hunting Analytics
Weight:
-
  • 6.1 Analyze and recognize suspicious overt malicious behaviors
  • 6.2 Understand target systems (asset inventory and who would target those assets)
  • 6.3 Evaluate information for reliability, validity and relevance for use in the process of elimination
  • 6.4 Identify alternative analytical interpretations to minimize and reduce false positives
  • 6.5 Decode and understand PowerShell/CMD activity
  • 6.6 Recognize patterns such as an enterprise-wide file infection process to determine the root cause or source of the infection
  • 6.7 Differentiate testing, DevOPs or general user activity from adversary behavior
  • 6.8 Identify the vulnerability exploited from an initial attack vector
Section 7: Hunting Methodology
Weight:
-
  • 7.1 Conduct routine active hunt operations within your environment in order to determine if your environment has been breached
  • 7.2 Perform outlier analysis with the Falcon tool
  • 7.3 Conduct hypothesis and hunting lead generation in order to prove them using Falcon tools
  • 7.4 Construct simple and complex EAM queries in Falcon
  • 7.5 Investigate a process tree
Info