CrowdStrike Certified Falcon Hunter (CCFH) — Question 20

Which field in a DNS Request event points to the responsible process?

Answer options

• A. ContextProcessId_readable
• B. TargetProcessId_decimal
• C. ContextProcessId_decimal
• D. ParentProcessId_decimal

Correct answer: C

Explanation

The correct answer, ContextProcessId_decimal, identifies the process responsible for the DNS request. The other options either refer to different process identifiers or are not directly related to the accountability of the DNS request process.