Question 1

Which threat framework allows a threat hunter to explore and model specific adversary tactics and techniques, with links to intelligence and case studies?

Options :

A : MITRE ATT&CK

B : Lockheed Martin Cyber Kill Chain

C : Director of National Intelligence Cyber Threat Framework

D : NIST 800-171 Cyber Threat Framework

Answer: A

Question 2

Event Search data is recorded with which time zone?

Options :

A : PST

B : GMT

C : EST

D : UTC

Answer: D

Question 3

What Investigate tool would you use to allow an analyst to view all events for a specific host?

Options :

A : Bulk Timeline

B : Host Search

C : Host Timeline

D : Process Timeline

Answer: C

Question 4

What topics are presented in the Hunting and Investigation Guide?

Options :

A : Detailed tutorial on writing advanced queries such as sub-searches and joins

B : Detailed summary of event names, descriptions, and some key data fields for hunting and investigation

C : Sample hunting queries, select walkthroughs and best practices for hunting with Falcon

D : Recommended platform configurations and prevention settings to ensure detections are generated for hunting leads

Answer: C

Question 5

SPL (Splunk) eval statements can be used to convert Unix times (Epoch) into UTC readable time Which eval function is correct^

Options :

A : now

B : typeof

C : strftime

D : relative time

Answer: C