CrowdStrike Certified Falcon Hunter (CCFH) — Question 16
When reviewing a DNS request in the Event Search, you're curious which process made the request. Which Event Action would be the quickest way to show you the process?
Answer options
- A. Show Associated Event Data (from TargetProcessID_decimal)
- B. Show Parent Process
- C. Show Responsible Process Data
- D. Pivot - Host Search
Correct answer: C
Explanation
The correct answer is C: 'Show Responsible Process Data' directly shows information about the process responsible for the DNS request. Options A and B may provide relevant data, but they do not highlight the initiating process as effectively. Option D, 'Pivot - Host Search', is broader and does not directly identify the process behind the DNS request.