ExamTopics Logo
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFR-201 All Questions

View all questions & answers for the CCFR-201 exam
Go to Exam

Exam CCFR-201 topic 1 question 26 discussion

Actual exam question from CrowdStrike's CCFR-201
Question #: 26
Topic #: 1
[All CCFR-201 Questions]

When examining a raw DNS request event, you see a field called ContextProcessId_decimal. What is the purpose of that field?

  • A. It contains the TargetProcessId_decimal value for other related events
  • B. It contains an internal value not useful for an investigation
  • C. It contains the ContextProcessId decimal value for the parent process that made the DNS request
  • D. It contains the TargetProcessId_decimal value for the process that made the DNS request
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by lightmagenta at Dec. 13, 2023, 6:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
alanalanalan
5 months, 2 weeks ago
Selected Answer: D
agree with D
upvoted 1 times
...
kangaru
8 months, 4 weeks ago
Selected Answer: D
ContextProcessId of DnsRequest event is equal to the TargetProcessId of the event that spawned the DnsRequest event.
upvoted 1 times
...
VasiOnCacao
10 months, 2 weeks ago
Actually, here I also think it might be D. Look at this reddit post - https://www.reddit.com/r/crowdstrike/comments/hr1kyb/rename_contextprocessid_decimal_as/. In other words ContextProcessId is generated to enrich the TargetProcessId event and has the same value. The main event won't contain ContextProcessId event, but a TargetProcessId.
upvoted 1 times
sbag0024
9 months, 1 week ago
Not sure about D for this one it says TargetProcessID. NOT TargetProcessId_decimal. Both TargetProcessId and TargetProcessId_decimal are different things. I don't see a correct answer here?
upvoted 1 times
sbag0024
9 months, 1 week ago
Actually might be C.
upvoted 1 times
sbag0024
9 months, 1 week ago
Not sure on this one.
upvoted 1 times
...
...
...
...
wildbandana
10 months, 3 weeks ago
I think is D
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago