Question 1

A company wants to create a Falcon Sensor policy to enforce strict monitoring on critical servers. What is an essential configuration step for the policy?

Options :

A : Configure prevention settings such as "Exploit Mitigation" and "Malware Prevention" for the policy.

B : Set the policy mode to "Detection Only" for all servers.

C : Add the policy under the "Sensor Exclusions" tab in the Falcon Console.

D : Assign the policy to the "Default Group" to ensure global coverage.

Answer: A

Question 2

Which step is essential when registering a cloud account in Falcon Cloud Security?

Options :

A : Enabling API access and permissions to allow CrowdStrike to monitor the account.

B : Deploying the Falcon agent on all instances in the account before registration.

C : Configuring automatic backup settings for all cloud resources.

D : Configuring network firewalls to route all traffic through CrowdStrike-s servers.

Answer: A

Question 3

You are creating a custom Indicator of Maliciousness (IOM) rule in CrowdStrike Falcon to block access to a specific malicious domain. Which of the following steps is correct for ensuring the IOM rule functions effectively?

Options :

A : Use the "File Hash" condition type to specify the domain’s IP address.

B : Assign the IOM rule a severity level of "Informational" to ensure it blocks the domain.

C : Add the domain to the Global Allowlist to ensure it is blocked.

D : Select the "Domain Name" condition type and specify the domain to block.

Answer: D

Question 4

Your organization uses AWS, and you are tasked with configuring an automated remediation workflow in Falcon Fusion to respond to findings about unencrypted S3 buckets. What is the critical action you must configure in the workflow to remediate such findings?

Options :

A : Set the S3 bucket policy to enforce encryption.

B : Delete all objects in the unencrypted S3 bucket.

C : Trigger an email notification to the security team.

D : Generate a compliance report for the unencrypted bucket.

Answer: A

Question 5

You are a cloud administrator for a company using CrowdStrike's Cloud Infrastructure Entitlement Manager (CIEM) to enhance identity security in the cloud. You want to identify users who have been inactive for the past six months to evaluate whether they need continued access to critical resources. Which of the following steps is the most appropriate way to identify inactive users in CIEM?

Options :

A : Run the "Inactive Users Report" within the CIEM dashboard and filter users by the "Last Activity" timestamp.

B : Search for inactive users by using CIEM-s "High-Risk Permissions" filter.

C : Rely solely on CrowdStrike-s AI recommendations to flag inactive users automatically.

D : Manually cross-reference activity logs from CIEM with logs from your Identity and Access Management (IAM) provider.

Answer: A

Free CCCS-203b Mock Exam – Practice Online Confidently

Buying Options: