Which of the following would be the correct field name to find the name of an event?
Event Search data is recorded with which time zone?
Which of the following Event Search queries would only find the DNS lookups to the domain: www.randomdomain.com?
How do you rename fields while using transforming commands such as table, chart, and stats?
SPL (Splunk) eval statements can be used to convert Unix times (Epoch) into UTC readable time. Which eval function is correct?
Which of the following queries will return the parent processes responsible for launching badprogram.exe?
You want to produce a list of all event occurrences along with selected fields such as the full path, time, username, etc. Which command would be the appropriate choice?
When exporting the results of the following event search, what data is saved in the exported file (assuming Verbose Mode)? event_simpleName=*Written | stats count by ComputerName
The help desk is reporting an increase in calls related to user accounts being locked out over the last few days. You suspect that this could be an attack by an adversary against your organization. Select the best hunting hypothesis from the following:
Which field should you reference in order to find the system time of a *FileWritten event?
To find events that are outliers inside a network, ___________ is the best hunting method to use.
Which of the following is a way to create event searches that run automatically and recur on a schedule that you set?
Which of the following is a recommended technique to find unique outliers among a set of data in the Falcon Event Search?
Adversaries commonly execute discovery commands such as net.exe, ipconfig.exe, and whoami.exe. Rather than query for each of these commands individually, you would like to use a single query with all of them. What Splunk operator is needed to complete the following query? aid=my-aid event_simpleName=ProcessRollup2 (FileName=net.exe __________ FileName=ipconfig.exe _________ FileName=whoami.exe) | table ComputerName UserName FileName CommandLine
You would like to search for ANY process execution that used a file stored in the Recycle Bin on a Windows host. Select the option to complete the following EAM query. aid=my-aid ImageFileName=________ event_simpleName=ProcessRollup2
Which of the following is the proper method to quantify search results, enabling a hunter to quickly sort and identify outliers?
Which of the following is a suspicious process behavior?
Which SPL (Splunk) field name can be used to automatically convert Unix times (Epoch) to UTC readable time within the Falcon Event Search?