Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFR-201 All Questions

View all questions & answers for the CCFR-201 exam
Go to Exam

Exam CCFR-201 topic 1 question 26 discussion

Actual exam question from CrowdStrike's CCFR-201
Question #: 26
Topic #: 1
[All CCFR-201 Questions]

When examining a raw DNS request event, you see a field called ContextProcessId_decimal. What is the purpose of that field?

  • A. It contains the TargetProcessId_decimal value for other related events
  • B. It contains an internal value not useful for an investigation
  • C. It contains the ContextProcessId decimal value for the parent process that made the DNS request
  • D. It contains the TargetProcessId_decimal value for the process that made the DNS request
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by lightmagenta at Dec. 13, 2023, 6:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
alanalanalan
6 months ago
Selected Answer: D
agree with D
upvoted 1 times
...
kangaru
9 months, 2 weeks ago
Selected Answer: D
ContextProcessId of DnsRequest event is equal to the TargetProcessId of the event that spawned the DnsRequest event.
upvoted 1 times
...
VasiOnCacao
11 months ago
Actually, here I also think it might be D. Look at this reddit post - https://www.reddit.com/r/crowdstrike/comments/hr1kyb/rename_contextprocessid_decimal_as/. In other words ContextProcessId is generated to enrich the TargetProcessId event and has the same value. The main event won't contain ContextProcessId event, but a TargetProcessId.
upvoted 1 times
sbag0024
9 months, 3 weeks ago
Not sure about D for this one it says TargetProcessID. NOT TargetProcessId_decimal. Both TargetProcessId and TargetProcessId_decimal are different things. I don't see a correct answer here?
upvoted 1 times
sbag0024
9 months, 3 weeks ago
Actually might be C.
upvoted 1 times
sbag0024
9 months, 3 weeks ago
Not sure on this one.
upvoted 1 times
...
...
...
...
wildbandana
11 months, 2 weeks ago
I think is D
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel