Question No : 1
What role does collaboration play in event investigation?
Answer:
Question No : 2
Which use cases are supported by applying ATT&CK techniques within Falcon workflows? (Choose two)
Answer:
Question No : 3
What is the benefit of using the "Advanced Search" feature in the Event Search module?
Answer:
Question No : 4
What two types of contextual event data can be viewed in the Full Detection View? (Choose two)
Answer:
Question No : 5
What is the primary purpose of the MITRE ATT&CK® Framework?
Answer:
Question No : 6
Which search type should be used to investigate whether a suspicious executable has affected multiple hosts?
Answer:
Question No : 7
Which Falcon feature allows analysts to perform advanced searches across endpoint data?
Answer:
Question No : 8
Which of the following components is not part of the MITRE ATT&CK® Framework?
Answer:
Question No : 9
What is the primary benefit of using Falcon Real Time Response (RTR) during an incident response?
Answer:
Question No : 10
Which statement is true about running event searches in Falcon?
Answer:
Question No : 11
The __________ feature in Falcon enables analysts to trace a user’s activity across multiple hosts and correlate it with detections.
Answer:
Question No : 12
Which scenario justifies using Host Timeline over Process Timeline?
Answer:
Question No : 13
A(n) ___________ is a unique artifact like a hash or domain that can be used to identify malicious activity in Falcon.
Answer:
Question No : 14
Which search capability in Falcon allows investigators to identify anomalies across multiple endpoints by applying filters and grouping criteria?
Answer:
Question No : 15
In detection analysis, what does a false positive indicate?
Answer: