Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 3 Question 36 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 36
Topic #: 3
[All CCFR-201 Questions]

You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?

Show Suggested Answer Hide Answer
Suggested Answer: C

According to the [Microsoft website], taskeng.exe is a legitimate Windows process that is responsible for running scheduled tasks. However, some malware may use this process or create a fake one to execute malicious code. Therefore, if you notice taskeng.exe involved in a detection, you should investigate whether there are any scheduled tasks registered prior to the detection that may have triggered or injected into taskeng.exe. You can use tools such as schtasks.exe or Task Scheduler to view or manage scheduled tasks.


by Ashlyn at Apr 03, 2025, 05:54 PM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Leatha
25 days ago
Taskeng.exe, huh? Sounds like someone's been playing a game of 'Guess the Process' and forgot to invite the rest of us. Let's hope the answer isn't 'Minesweeper.exe'!
upvoted 0 times
Samira
4 days ago
C) Scheduled tasks registered prior to the detection
upvoted 0 times
...
Leonora
12 days ago
B) Executions of schtasks.exe after the detection
upvoted 0 times
...
Nan
17 days ago
A) User logons after the detection
upvoted 0 times
...
...
Walton
27 days ago
User logons, huh? Sounds like someone's been busy trying to cover their tracks. Time to put on our detective hats!
upvoted 0 times
...
Janessa
1 months ago
Pivot to a hash search? That's like trying to find a needle in a haystack. I'd rather focus on the scheduled tasks and see what's up.
upvoted 0 times
Tiera
8 days ago
B) Executions of schtasks.exe after the detection
upvoted 0 times
...
Vallie
12 days ago
A) User logons after the detection
upvoted 0 times
...
...
Ryan
1 months ago
I'd go with B - looking at schtasks.exe executions could give us a clue about what's really going on here. Gotta be thorough, you know?
upvoted 0 times
Adria
6 days ago
It's important to investigate all possible leads, so looking at schtasks.exe executions is a good idea.
upvoted 0 times
...
Kiley
8 days ago
I agree, checking schtasks.exe executions could reveal more information about the activity.
upvoted 0 times
...
...
Karma
2 months ago
Hmm, scheduled tasks seem like the most logical next step. Who knows what kind of sneaky activity might be hidden in those tasks?
upvoted 0 times
Mona
22 hours ago
C) Scheduled tasks registered prior to the detection
upvoted 0 times
...
Minna
9 days ago
B) Executions of schtasks.exe after the detection
upvoted 0 times
...
Penney
1 months ago
A) User logons after the detection
upvoted 0 times
...
...
Antonio
2 months ago
I believe we should pivot to a Hash search for taskeng.exe to gather more information.
upvoted 0 times
...
Carin
2 months ago
I agree with Vi, checking user logons can give us more insight.
upvoted 0 times
...
Vi
2 months ago
I think we should investigate user logons after the detection.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77