CrowdStrike Certified Falcon Responder (CCFR) — Question 41
You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?
Answer options
- A. User logons after the detection
- B. Executions of schtasks.exe after the detection
- C. Scheduled tasks registered prior to the detection
- D. Pivot to a Hash search for taskeng.exe
Correct answer: C
Explanation
taskeng.exe is the Windows Task Scheduler engine, so its presence in a detection suggests the activity was launched by a scheduled task. Investigating scheduled tasks registered prior to the detection (option C) can reveal whether a malicious task was set up before the detection occurred. The other options focus either on activity that happens after the detection or on the taskeng.exe executable itself, which may not provide insight into the initial compromise that led to the detection.