CrowdStrike Certified Falcon Hunter (CCFH) — Question 74
Which event_simpleName has a field that contains the command line used to create a process?
Answer options
- A. ProcessRollup2
- B. DNSRequest
- C. CommandHistory
- D. PeVersionInfo
Correct answer: A
Explanation
The correct answer is A, ProcessRollup2, because it contains the command line used for process creation. The other options, while related to system events, do not include a field holding the command line used to create a process.