CrowdStrike
CCFR-201B Question #54: Real Exam Question with Answer & Explanation
Question
You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?
Options
- A. ParentProcessId_decimal and aid
- B. ResponsibleProcessId_decimal and aid
- C. ContextProcessId_decimal and aid
- D. TargetProcessId_decimal and aid