Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Discussions
  3. CrowdStrike
  4. CCFH
  5. CCFH-202b Discussions
  6. CCFH-202b Exam Topic 1 Question 1 Discussion

CrowdStrike Certified Falcon Hunter CCFH-202b Question # 1 Topic 1 Discussion

 CrowdStrike Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

CrowdStrike Certified Falcon Hunter CCFH-202b Question # 1 Topic 1 Discussion

CCFH-202b Exam Topic 1 Question 1 Discussion:
Question #: 1
Topic #: 1

Which CQL query would output relevant data in tracking USB storage device usage?
A.

#event_simpleName=RemovableMediaVolumeMounted | table([@timestamp, ComputerName, VolumeDriveLetter, VolumeFileSystemDevice, VolumeFileSystemDriver])

B.

#event_simpleName=RemovableMediaVolumeMounted | table([RemoteAddressIP4, UserName, ParentProcessId, RawProcessId, TargetProcessId, FileName, MD5HashData, SHA256HashData, aid, cid])

C.

#event_simpleName=ProcessRollup2 event_platform=Win | table(["Host Name", "Connection Type", "Manufacturer", "Product Name", "Description", "Device ID", Time])

D.

#event_simpleName=FsVolumeMounted | table([@source, ComputerName, VolumeName, VolumeFileSystemType, Entitlements, VolumeDriveLetter])

Get Premium CCFH-202b Questions
Actual exam question for CrowdStrike CCFH-202b exam by Riven4080 at Mar 31, 2026, 12:59:33 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next