CCFH-202B Question #6: Real Exam Question with Answer & Explanation

The correct answer is B. event_simpleName=processrollup2 [search event_simpleName=processrollup2. The parent process is matched by renaming ParentProcessId_decimal as TargetProcessId_decimal.

Question

Which of the following queries will return the parent processes responsible for launching badprogram.exe?

Options

  • A. [search (ParentProcess) where name=badprogram.exe ] | table ParentProcessName _time
  • B. event_simpleName=processrollup2 [search event_simpleName=processrollup2
  • C. [search (ProcessList) where Name=badprogram.exe ] | search ParentProcessName | table
  • D. event_simpleName=processrollup2 [search event_simpleName=processrollup2

Explanation

The parent process is matched by renaming ParentProcessId_decimal as TargetProcessId_decimal.