Question 1

What is the primary step required to deprovision a cloud account from Falcon in the CrowdStrike platform?

Options :

A : Disable the cloud account integration in the Falcon console under the "Cloud Accounts" tab.

B : Delete the cloud account directly from the cloud provider-s console to automatically deprovision it from Falcon.

C : Remove all workloads and endpoints linked to the cloud account before attempting to deprovision it.

D : Revoke the API client credentials associated with the cloud account in the "API Clients and Keys" section.

Answer: A

Question 2

After identifying a risky Azure Service Principal using the CrowdStrike CIEM/Identity Analyzer, what is the most appropriate action to mitigate the risk?

Options :

A : Immediately delete the Service Principal and its associated secrets.

B : Assign the Service Principal an "Owner" role for temporary troubleshooting purposes.

C : Rotate the Service Principal-s credentials and reduce its permissions to the minimum necessary.

D : Replace the Service Principal with a managed identity to eliminate credential-related risks.

Answer: C

Question 3

After performing an image assessment in Falcon Cloud Security, which of the following is a typical actionable recommendation?

Options :

A : Apply a pod security policy to restrict privileged containers.

B : Disable unused Kubernetes Admission Controllers.

C : Limit the number of pods per node to prevent resource exhaustion.

D : Update container images to address identified critical vulnerabilities.

Answer: D

Question 4

While editing the cloud security posture policy in Falcon to enhance compliance with industry standards, you notice a rule that detects misconfigured IAM roles in your AWS environment. What action should you configure for this rule to prevent unauthorized access effectively?

Options :

A : Set the action to "Alert" and notify the security operations team.

B : Enable auto-remediation to delete all misconfigured IAM roles immediately.

C : Add a condition to the rule requiring all IAM roles to use least-privilege policies.

D : Set the action to "Monitor Only" to track usage of the misconfigured roles.

Answer: C

Question 5

After identifying excessive permissions and missing MFA in IAM configurations, which remediation strategy is most aligned with CrowdStrike CIEM’s recommendations?

Options :

A : Delete all accounts flagged by CIEM’s Identity Analyzer.

B : Enable MFA and implement least privilege access policies for the flagged accounts.

C : Revoke all permissions from the identified accounts.

D : Transfer ownership of flagged accounts to a different administrator.

Answer: B

Free CCCS-203b Mock Exam – Practice Online Confidently

Buying Options: