Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Crowdstrike Discussions

Exam CCFR-201 topic 1 question 3 discussion

Actual exam question from CrowdStrike's CCFR-201
Question #: 3
Topic #: 1
[All CCFR-201 Questions]

How does a DNSRequest event link to its responsible process?

  • A. Via both its ContextProcessId_decimal and ParentProcessId_decimal fields
  • B. Via its ParentProcessId_decimal field
  • C. Via its ContextProcessId_decimal field
  • D. Via its TargetProcessId_decimal field
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Tiago90 at Dec. 2, 2023, 2:52 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
jolujo10
1 month ago
Answer is C
upvoted 1 times
...
alanalanalan
1 month, 2 weeks ago
Selected Answer: C
Answer is C, C. Via its ContextProcessId_decimal field Refer to the document "Falcon Documentation > Endpoint Security > Event Investigation > Hunting and Investigation", the example is : Uncommon processes making network connections or DNS Requests : aid=my-aid event_simpleName="DnsRequest" | rename ContextProcessId_decimal as TargetProcessId_decimal | join TargetProcessId_decimal [search aid=my-aid event_simpleName="ProcessRollup2" ImageFileName="*PROCESS"] | table ComputerName timestamp ImageFileName DomainName CommandLine
upvoted 1 times
...
alanalanalan
1 month, 2 weeks ago
Answer is C, C. Via its ContextProcessId_decimal field Refer to the document "Falcon Documentation > Endpoint Security > Event Investigation > Hunting and Investigation", the example is : Uncommon processes making network connections or DNS Requests : aid=my-aid event_simpleName="DnsRequest" | rename ContextProcessId_decimal as TargetProcessId_decimal | join TargetProcessId_decimal [search aid=my-aid event_simpleName="ProcessRollup2" ImageFileName="*PROCESS"] | table ComputerName timestamp ImageFileName DomainName CommandLine
upvoted 1 times
...
silva222222
1 month, 2 weeks ago
Selected Answer: C
ContextProcessId_decimal is designed to capture the broader process context associated with the DNS request. This context can include the process that ultimately initiated the DNS resolution request, even if there were intermediary steps involved. This information is crucial for security analysts to understand which process is making external communication attempts and potentially identify malicious activity.
upvoted 2 times
...
kangaru
4 months, 4 weeks ago
Selected Answer: C
It's responsible process is referred using ContextProcessId_demical
upvoted 3 times
...
sbag0024
5 months, 1 week ago
Selected Answer: D
D is correct. TargetprocessID_d is always the one responsible for the action.
upvoted 1 times
sbag0024
5 months, 1 week ago
Hum it might be Contextprocessid_d.. not sure here now..
upvoted 1 times
...
kangaru
4 months, 4 weeks ago
#event_simpleName=DnsRequest doesn't have TargetProcessId_decimal field
upvoted 1 times
...
...
Tiago90
7 months, 1 week ago
correct is D
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in

Claim Offer Now
286 people claimed it in the last 6 hours