CrowdStrike
CCFH-202B · Question #82
CCFH-202B Question #82: Real Exam Question with Answer & Explanation
Question
What is the purpose of the rename command in this query?

```
event_simpleName=ProcessRollup2 [search event_simpleName=ProcessRollup2 FileName=excel.exe | rename TargetProcessId_decimal AS ParentProcessId_decimal | fields aid ParentProcessId_decimal] | stats count by FileName CommandLine
```
Options
- A. It runs a sub-search to locate all detections where excel.exe was blocked
- B. It renames a field to drive the main search in order to locate all children processes of excel.exe
- C. It joins all combinations of parent / children processes involving excel.exe
- D. It renames a field to drive the main search in order to locate all parent processes of excel.exe