Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFH-202 All Questions

View all questions & answers for the CCFH-202 exam
Go to Exam

Exam CCFH-202 topic 1 question 82 discussion

Actual exam question from CrowdStrike's CCFH-202
Question #: 82
Topic #: 1
[All CCFH-202 Questions]

What is the purpose of the rename command in this query?

event_simpleName=ProcessRollup2 [search event_simpleName=ProcessRollup2 FileName=excel.exe | rename TargetProcessId_decimal AS ParentProcessId_decimal | fields aid ParentProcessId_decimal] | stats count by FileName CommandLine

  • A. It runs a sub-search to locate all detections where excel.exe was blocked
  • B. It renames a field to drive the main search in order to locate all children processes of excel.exe
  • C. It joins all combinations of parent / children processes involving excel.exe
  • D. It renames a field to drive the main search in order to locate all parent processes of excel.exe
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Sunaperi at Nov. 4, 2023, 4:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
alanalanalan
3 months, 3 weeks ago
Selected Answer: B
B B. It renames a field to drive the main search in order to locate all children processes of excel.exe
upvoted 1 times
...
gr23
10 months, 2 weeks ago
B. To find the parent process you rename ParentProcessID_decimal to TargetProcessID_decimal. To find the the child you rename TargetProcessID_decimal As ParentProcessID_decimal.
upvoted 2 times
...
Pipo12345
11 months, 1 week ago
Selected Answer: B
B is correct >>> A similar example from internal Crowdstrike docs: event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=winlogon.exe | rename TargetProcessId_decimal AS ParentProcessId_decimal | fields aid ParentProcessId_decimal] | stats count by FileName CommandLine Explanation: Show all children of a process (e.g.winlogon.exe) – Looking for typical children of a process, to see outliers
upvoted 2 times
...
Sunaperi
1 year ago
d is correct
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel