Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFH-202 All Questions

View all questions & answers for the CCFH-202 exam
Go to Exam

Exam CCFH-202 topic 1 question 86 discussion

Actual exam question from CrowdStrike's CCFH-202
Question #: 86
Topic #: 1
[All CCFH-202 Questions]

During an investigation you find out that files are being written to disc by a malicious process. While many are displayed in the detections as context items, you want to see all files written to your host by this process.

What Splunk search would work for this scenario?

  • A. event_simpleName=*written ComputerName=MyPC ContextProcessId_decimal=0123456789
  • B. event_simpleName=*processrollup* ComputerName=MyPC
    TargetProcessId_decimal=0123456789
  • C. event_simpleName=*written ComputerName=MyPC TargetProcessId_decimal=0123456789
  • D. event_simpleName=*processrollup* ComputerName=MyPC
    ContextProcessId_decimal=0123456789
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by kangaru at Jan. 14, 2024, 10:12 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
alanalanalan
3 months, 3 weeks ago
Selected Answer: A
A A. event_simpleName=*written ComputerName=MyPC ContextProcessId_decimal=0123456789 ContextProcessId is the highlight
upvoted 1 times
...
e4e38c0
4 months, 2 weeks ago
C is wrong, as the question specifically asking for Context and not the created one
upvoted 1 times
...
kangaru
10 months, 1 week ago
Selected Answer: A
C is wrong. TargetProcessId_decimal is not a valid field in *FileWritten events. You would use ContextProcessId to trace back its spawner.
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel