Exam CCFH-202 Topic 9 Question 55 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 55
Topic #: 9

Which of the following is an example of a Falcon threat hunting lead?

A. A routine threat hunt query showing process executions of single letter filename (e.g., a.exe) from temporary directories B. Security appliance logs showing potentially bad traffic to an unknown external IP address C. A help desk ticket for a user clicking on a link in an email causing their machine to become unresponsive and have high CPU usage D. An external report describing a unique 5 character file extension for ransomware encrypted files

Suggested Answer: A Vote an answer

A Falcon threat hunting lead is a piece of information that can be used to initiate or guide a threat hunting activity within the Falcon platform. A routine threat hunt query showing process executions of single letter filename (e.g., a.exe) from temporary directories is an example of a Falcon threat hunting lead, as it can indicate potential malicious activity that can be further investigated using Falcon data and features. Security appliance logs, help desk tickets, and external reports are not examples of Falcon threat hunting leads, as they are not directly related to the Falcon platform or data.

by Selena at Nov 18, 2025, 12:41 AM

Limited Time Offer

15%

Off

Get Premium CCFH-202 Questions as Interactive Self Test Engine or PDF

Comments

0 Satisfied Customers

0 Shares

0 Demo Downloads

10 Years in Business