CrowdStrike Certified Falcon Hunter (CCFH) — Question 10

Which event field contains the Falcon generated ID for a process?

Answer options

• A. event_simpleName
• B. TargetProcessId-decimal
• C. ProcessRollup2
• D. Process_Id_decimal

Correct answer: B

Explanation

The correct answer is B, as the TargetProcessId-decimal field specifically contains the Falcon generated ID for the process. The other options do not refer to the process ID generated by Falcon; for instance, event_simpleName does not contain ID information, and ProcessRollup2 and Process_Id_decimal are not the designated fields for this purpose.