CrowdStrike Exam CCFR-201 Topic 3 Question 36 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 36
Topic #: 3

You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?

Suggested Answer: C

According to the Microsoft website, taskeng.exe is a legitimate Windows process that is responsible for running scheduled tasks. However, some malware may use this process, or create a fake one, to execute malicious code. Therefore, if you notice taskeng.exe involved in a detection, you should investigate whether any scheduled tasks registered prior to the detection may have triggered taskeng.exe or injected into it. You can use tools such as schtasks.exe or Task Scheduler to view or manage scheduled tasks.


Contribute your Thoughts:

Antonio
3 days ago
I believe we should pivot to a Hash search for taskeng.exe to gather more information.
upvoted 0 times
...
Carin
4 days ago
I agree with Vi, checking user logons can give us more insight.
upvoted 0 times
...
Vi
8 days ago
I think we should investigate user logons after the detection.
upvoted 0 times
...
