
Which field should you reference in order to find the system time of a *FileWritten event?

A. ContextTimeStamp_decimal
B. FileTimeStamp_decimal
C. ProcessStartTime_decimal
D. timestamp

Answer: A

Explanation:

ContextTimeStamp_decimal is the system time, taken from the endpoint's own clock, of the event that caused the sensor to send data to the cloud; for a *FileWritten event that is the moment the file was written. The other three fields record different moments. FileTimeStamp_decimal is the file's last-modified time, which need not match the write that generated the event. ProcessStartTime_decimal is the start time of the process that performed the write, which precedes the write itself. timestamp is the time the Falcon cloud received the event, which follows the write by the transport delay. The _decimal suffix marks the epoch value expressed in decimal seconds. Because ContextTimeStamp_decimal comes from the endpoint's clock, compare it against timestamp when the clock may be wrong or tampered with: a system time later than the cloud receipt time cannot be correct.

Reference: https://www.crowdstrike.com/blog/tech-center/understanding-timestamps-in-crowdstrike-falcon/
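The comparison described above, as an added example that is not part of the original page and not CrowdStrike's own code: a small Python helper that pulls the write time and the cloud receipt time out of a *FileWritten event, renders both in UTC, and flags an endpoint clock that is ahead of the cloud or implausibly far behind it. The event record is constructed (field names follow Falcon, values are made up), and the helper assumes `timestamp` is epoch milliseconds while the `_decimal` fields are epoch seconds; the 600-second delay threshold in `clock_looks_wrong` is an arbitrary choice for the example.

```python
from datetime import datetime, timezone

# Constructed sample *FileWritten event: the field names follow Falcon, the values are made up.
# Assumed units: `timestamp` is epoch milliseconds stamped when the cloud received the event;
# the *_decimal fields are epoch seconds taken from the endpoint's own clock.
SAMPLE_EVENT = {
    "event_simpleName": "PeFileWritten",
    "aid": "0123456789abcdef0123456789abcdef",
    "timestamp": 1700000305000,               # cloud receipt, ms
    "ContextTimeStamp_decimal": 1700000300.25,  # system time of the write, s
    "ProcessStartTime_decimal": 1699999000.0,   # start of the writing process, s
    "TargetFileName": "C:\\Users\\Public\\payload.exe",
}


def to_utc(epoch_seconds: float) -> datetime:
    """Epoch seconds (possibly fractional) -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(epoch_seconds, tz=timezone.utc)


def file_written_time(event: dict) -> datetime:
    """System time of the write: ContextTimeStamp_decimal, read from the endpoint clock."""
    return to_utc(float(event["ContextTimeStamp_decimal"]))


def process_start_time(event: dict) -> datetime:
    """Start of the process that performed the write, for ordering the two sensor-side times."""
    return to_utc(float(event["ProcessStartTime_decimal"]))


def cloud_receipt_time(event: dict) -> datetime:
    """When the Falcon cloud received the event: `timestamp`, assumed to be milliseconds."""
    return to_utc(int(event["timestamp"]) / 1000)


def sensor_cloud_skew_seconds(event: dict) -> float:
    """Cloud receipt time minus system time of the write.

    A small positive value is the normal transport delay. A negative value means the
    endpoint clock is ahead of the cloud; a large positive value means it is far behind
    (or the sensor buffered the event for a long time), both worth a second look.
    """
    return (cloud_receipt_time(event) - file_written_time(event)).total_seconds()


def clock_looks_wrong(event: dict, max_delay_s: float = 600.0) -> bool:
    """True when the endpoint clock is ahead of the cloud or more than max_delay_s behind it."""
    skew = sensor_cloud_skew_seconds(event)
    return skew < 0 or skew > max_delay_s


def summarize(event: dict) -> dict:
    """Human-readable view of the three timestamps plus the skew check, for triage notes."""
    return {
        "file_written_utc": file_written_time(event).isoformat(),
        "process_start_utc": process_start_time(event).isoformat(),
        "cloud_received_utc": cloud_receipt_time(event).isoformat(),
        "skew_seconds": sensor_cloud_skew_seconds(event),
        "clock_suspect": clock_looks_wrong(event),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EVENT).items():
        print(f"{key}: {value}")
    # Same event with a ContextTimeStamp_decimal a day in the future: the check trips.
    tampered = dict(SAMPLE_EVENT, ContextTimeStamp_decimal=1700090000.0)
    print("tampered clock_suspect:", clock_looks_wrong(tampered))
```

For the real thing, feed the same functions the JSON rows exported from Event Search rather than the constructed dictionary; the write time to put in a timeline is `file_written_time`, and `cloud_receipt_time` is only a sanity bound on it.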
