BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 1 Question 12 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 12
Topic #: 1
[All CCFR-201 Questions]

How does a DNSRequest event link to its responsible process?

Show Suggested Answer Hide Answer
Suggested Answer: C

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, a DNSRequest event contains information about a DNS query made by a process2.The event has several fields, such as DomainName, QueryType, QueryResponseCode, etc2.The field that links a DNSRequest event to its responsible process is ContextProcessId_decimal, which contains the decimal value of the process ID of the process that generated the event2.You can use this field to trace the process lineage and identify malicious or suspicious activities2.


by Lashawn at Apr 28, 2024, 02:46 PM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Helga
5 months ago
Let's review what TargetProcessId does. Maybe D?
upvoted 0 times
...
Natalya
5 months ago
ContextProcessId_decimal seems critical for DNSRequests. I'd go with C.
upvoted 0 times
...
Monroe
5 months ago
But isn't it more about the parent process, making B a better choice?
upvoted 0 times
...
Hailey
5 months ago
I think it's option A. Both ContextProcessId and ParentProcessId sound right.
upvoted 0 times
...
Alethea
5 months ago
Yeah, understanding process identification isn't simple.
upvoted 0 times
...
Frank
6 months ago
The question seems tricky.
upvoted 0 times
...

Save Cancel