CrowdStrike Certified Falcon Responder (CCFR) — Question 30

Aside from a Process Timeline or Event Search, how do you export process event data from a detection in .CSV format?

Answer options

• A. You can’t export detailed event data from a detection, you have to use the Process Timeline or an Event Search
• B. In Full Detection Details, you expand the nodes of the process tree you wish to expand and then click the "Export Process Events" button
• C. In Full Detection Details, you choose the "View Process Activity" option and then export from that view
• D. From the Detections Dashboard, you right-click the event type you wish to export and choose CSV, JSON or XML

Correct answer: C

Explanation

The correct answer is C because it specifies the correct method to view and export process activity data directly from Full Detection Details. Option A is incorrect as it states that exporting is not possible, while option B describes a different export method that does not relate to the question. Option D incorrectly refers to exporting from the Detections Dashboard instead of the Full Detection Details view.