exam questions

Exam CCFR-201 All Questions

View all questions & answers for the CCFR-201 exam

Exam CCFR-201 topic 1 question 3 discussion

Actual exam question from CrowdStrike's CCFR-201
Question #: 3
Topic #: 1
[All CCFR-201 Questions]

How does a DNSRequest event link to its responsible process?

  • A. Via both its ContextProcessId_decimal and ParentProcessId_decimal fields
  • B. Via its ParentProcessId_decimal field
  • C. Via its ContextProcessId_decimal field
  • D. Via its TargetProcessId_decimal field
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
jolujo10
3 weeks, 1 day ago
Answer is C
upvoted 1 times
...
alanalanalan
1 month ago
Selected Answer: C
Answer is C, C. Via its ContextProcessId_decimal field Refer to the document "Falcon Documentation > Endpoint Security > Event Investigation > Hunting and Investigation", the example is : Uncommon processes making network connections or DNS Requests : aid=my-aid event_simpleName="DnsRequest" | rename ContextProcessId_decimal as TargetProcessId_decimal | join TargetProcessId_decimal [search aid=my-aid event_simpleName="ProcessRollup2" ImageFileName="*PROCESS"] | table ComputerName timestamp ImageFileName DomainName CommandLine
upvoted 1 times
...
alanalanalan
1 month ago
Answer is C, C. Via its ContextProcessId_decimal field Refer to the document "Falcon Documentation > Endpoint Security > Event Investigation > Hunting and Investigation", the example is : Uncommon processes making network connections or DNS Requests : aid=my-aid event_simpleName="DnsRequest" | rename ContextProcessId_decimal as TargetProcessId_decimal | join TargetProcessId_decimal [search aid=my-aid event_simpleName="ProcessRollup2" ImageFileName="*PROCESS"] | table ComputerName timestamp ImageFileName DomainName CommandLine
upvoted 1 times
...
silva222222
1 month, 1 week ago
Selected Answer: C
ContextProcessId_decimal is designed to capture the broader process context associated with the DNS request. This context can include the process that ultimately initiated the DNS resolution request, even if there were intermediary steps involved. This information is crucial for security analysts to understand which process is making external communication attempts and potentially identify malicious activity.
upvoted 2 times
...
kangaru
4 months, 2 weeks ago
Selected Answer: C
It's responsible process is referred using ContextProcessId_demical
upvoted 3 times
...
sbag0024
4 months, 4 weeks ago
Selected Answer: D
D is correct. TargetprocessID_d is always the one responsible for the action.
upvoted 1 times
...
Tiago90
6 months, 4 weeks ago
correct is D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago