
CrowdStrike CCFH-202b Exam Syllabus

Start Free CCFH-202b Exam Practice After Reviewing the Topics

Before starting your CCFH-202b exam preparation, it is recommended to review the complete CrowdStrike Certified Falcon Hunter exam syllabus and carefully go through the exam objectives listed below. Once you understand the exam structure and objectives, you should practice using our free CCFH-202b questions. We also provide premium CCFH-202b practice tests, fully updated according to the latest exam objectives, to help you accurately assess your preparedness for the actual exam.

CrowdStrike CCFH-202b Exam Objectives

ATT&CK Frameworks
  • 1.1 Demonstrate knowledge of the cyber kill chain (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, covering tracks) and recognize intelligence gaps
  • 1.2 Utilize the MITRE ATT&CK Framework to model threat actor behaviors
  • 1.3 Operationalize the MITRE ATT&CK Framework to research threat models, TTPs and threat actors, pivot as necessary, and convey findings to non-technical audiences
Detection Analysis
  • 2.1 Analyze information displayed in the Host Timeline to understand host states and events
  • 2.2 Analyze the information displayed in the Process Timeline to understand the flow of events and detections
  • 2.3 Pivot from the detection page to additional investigative tools
Search and Investigation Tools
  • 3.1 Analyze and interpret metadata around files and processes recorded by Falcon
  • 3.2 Differentiate use of Investigate Module tools available in Falcon
  • 3.3 Understand use cases for various search options (e.g., User Search, Host Search, Hash Search, IP Addresses Search, Bulk Domain Search)
  • 3.4 Interpret search result information displayed in dashboards to determine additional investigation or action
Event Search
  • 4.1 Define key syntax of CrowdStrike Query Language (CQL)
  • 4.2 Build a query and perform a search using CQL
  • 4.3 Format event data for user readability, export or charting
  • 4.4 Filter event data and analyze results
  • 4.5 Describe the process relationship of (Target/Parent/Context)
  • 4.6 Define key data event types
  • 4.7 Convert and format Unix times to UTC readable time
  • 4.8 Create a custom dashboard to display Advanced Event Search results
Reports and References
  • 5.1 Use the built-in Hunt reports to refine event details
  • 5.2 Use the built-in Visibility reports to refine event details
  • 5.3 Leverage the Events Full Reference documentation to learn information about specific events
Hunting Analytics
  • 6.1 Analyze and recognize suspicious overt malicious behaviors
  • 6.2 Understand target systems (asset inventory and who would target those assets)
  • 6.3 Evaluate information for reliability, validity and relevance for use in the process of elimination
  • 6.4 Identify alternative analytical interpretations to minimize and reduce false positives
  • 6.5 Decode and understand PowerShell/CMD activity
  • 6.6 Recognize patterns such as an enterprise-wide file infection process to determine the root cause or source of the infection
  • 6.7 Differentiate testing, DevOps or general user activity from adversary behavior
  • 6.8 Identify the vulnerability exploited from an initial attack vector
Hunting Methodology
  • 7.1 Conduct routine active hunt operations within your environment in order to determine if your environment has been breached
  • 7.2 Perform outlier analysis with the Falcon tool
  • 7.3 Conduct hypothesis and hunting lead generation in order to prove them using Falcon tools
  • 7.4 Construct simple and complex EAM queries in Falcon
  • 7.5 Investigate a process tree
Official Information: https://assets.crowdstrike.com/is/content/crowdstrikeinc/ccfh-certification-exam-guidepdf