CrowdStrike Certified SIEM Engineer - CCSE-204 Practice Exam

An internal security team identified a small number of high-risk users. They ask you to create an app that will monitor these users and trigger an alert when specific suspicious behavior is detected.
Which Falcon feature should you use to develop this app?

Correct answer: A
Explanation: (shown only to PassTest members)
What is the most appropriate action if a third-party connector is disconnected and no longer ingesting data?

Correct answer: D
Explanation: (shown only to PassTest members)
Which field should be used in a correlation rule when detections must be based on the original event occurrence time?

Correct answer: A
Explanation: (shown only to PassTest members)
Which three System alerts are enabled by default in Next-Gen SIEM for third-party connectors?

Correct answer: D
Explanation: (shown only to PassTest members)
Review the log sample below:

What type of parser should be used to extract fields and values from this log?

Correct answer: D
Explanation: (shown only to PassTest members)
Which default parser would you use to parse the log event below?
Jan 15 14:22:07 host1 sshd[1234]: Failed login

Correct answer: D
Explanation: (shown only to PassTest members)
What should you do with a field that is not CPS-compliant when adding it to a parser?

Correct answer: C
Explanation: (shown only to PassTest members)