CrowdStrike Certified Falcon Responder (CCFR) — Question 2

From a detection, what is the fastest way to see children and sibling process information?

Answer options

• A. Select the Event Search option. Then from the Event Actions, select Show Associated Event Data (From TargetProcessId_decimal)
• B. Select Full Detection Details from the detection
• C. Right-click the process and select "Follow Process Chain"
• D. Select the Process Timeline feature, enter the AID, Target Process ID, and Parent Process ID

Correct answer: B

Explanation

The correct answer is B because selecting Full Detection Details provides comprehensive information about the detection, including child and sibling processes. The other options either do not directly provide this information or involve additional steps that are not as efficient for this specific task.