CrowdStrike
CCFH-202B Question #86: Real Exam Question with Answer & Explanation
Question
During an investigation, you find out that files are being written to disk by a malicious process. While many are displayed in the detections as context items, you want to see all files written to your host by this process. What Splunk search would work for this scenario?
Options
- A. event_simpleName=*written ComputerName=MyPC ContextProcessId_decimal=0123456789
- B. event_simpleName=processrollup ComputerName=MyPC
- C. event_simpleName=*written ComputerName=MyPC TargetProcessId_decimal=0123456789
- D. event_simpleName=processrollup ComputerName=MyPC