CrowdStrike Certified Falcon Hunter CCFH-202b Question # 12 Topic 2 Discussion

CCFH-202b Exam Topic 2 Question 12 Discussion:

Question #: 12

Topic #: 2

Refer to the image. Which query will show file execution from a suspicious directory across all hosts?

#event_simpleName=ProcessRollup2 | aid=* | ImageFileName=/\\Users\\[^\\]+\\Desktop\\/i | groupBy(aid, function=collect([SHA256HashData, ImageFileName] ), limit-max)

#event_simpleName=ProcessRollup2 | aid=c28082797f7f4d81b3f869dbaf6eb712 | ImageFileName=/\$Recycle\.Bin/i | groupBy(aid, function=collect([SHA256HashData, ImageFileName]), limit-max)

#event_simpleName=ProcessRollup2 | aid=* | ImageFileName=/\$Recycle\.Bin/i | groupBy(aid, function=collect([SHA256HashData, ImageFileName]), limit-max)

#event_simpleName=ProcessRollup2 | aid=* | ImageFileName=/\\Users\\[^\\]+\\Downloads\\/i | groupBy(aid, function=collect([SHA256HashData, ImageFileName] ), limit-max)

Get Premium CCFH-202b Questions

Actual exam question for CrowdStrike CCFH-202b exam by Draven70553 at Mar 31, 2026, 12:59:13 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

CrowdStrike Certified Falcon Hunter CCFH-202b Question # 12 Topic 2 Discussion

CrowdStrike Certified Falcon Hunter CCFH-202b Question # 12 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

CrowdStrike Certified Falcon Hunter CCFH-202b Question # 12 Topic 2 Discussion

CrowdStrike Certified Falcon Hunter CCFH-202b Question # 12 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval