Question 1

You need to use the Falcon Fusion GraphQL API to retrieve login events for a specific user, identified by their email address, and only include events where the status is "success." How should you structure this query?

Options :

A : Use the getLoginEvents query with a user_email filter and a status filter set to "success".

B : Use the getLoginDetails query with a username filter and a filter for "successful" logins.

C : Use the getUserLoginActivity mutation with a user_id and status set to "success".

D : Use the queryLoginEvents mutation with a user_email field and a status of "successful".

Answer: A

Question 2

How does Falcon Identity Protection enhance a security model focused on Zero Trust principles in a domain environment?

Options :

A : By monitoring and restricting lateral movement through identity-based threat detection

B : By encrypting all network traffic within the domain

C : By automating access control policies for cloud-based applications

D : By replacing traditional firewalls and antivirus solutions

Answer: A

Question 3

You are a security analyst reviewing an alert for suspicious user behavior in the CrowdStrike platform. Initially categorized as "Unusual Login", the incident was later reclassified to "Credential Theft." To understand the history and context of this incident, what is the most effective approach to investigate its progression and potential type changes?

Options :

A : Directly reclassify the incident as "Resolved" to prevent further alerts.

B : Generate a detailed report of all incidents over the past 30 days.

C : Export the incident details to an external log analysis tool for deeper inspection.

D : Examine the timeline of events associated with the alert in the CrowdStrike dashboard.

Answer: D

Question 4

Your organization recently implemented CrowdStrike Falcon Identity Protection. A team member asks how it integrates with your existing MFA provider. What is the primary way Falcon Identity Protection extends the capabilities of an existing MFA provider?

Options :

A : It disables MFA requirements for logins originating from trusted devices.

B : It replaces the existing MFA provider entirely with its own MFA solution.

C : It adds continuous authentication and risk-based monitoring to enhance existing MFA workflows.

D : It enforces MFA only for administrative users, bypassing other users in the system.

Answer: C

Question 5

The NIST Special Publication 800-207 defines a Zero Trust Architecture (ZTA) to enhance security through continuous verification and least privilege principles. According to this framework, which of the following best describes a key characteristic of Zero Trust?

Options :

A : Firewalls and VPNs alone are sufficient to establish Zero Trust security.

B : Zero Trust is an optional security approach that applies only to cloud-based architectures.

C : Implicit trust is granted to users and devices within the corporate network once authenticated.

D : Authentication and authorization are enforced at every access request, regardless of the network location.

Answer: D

Free CrowdStrike-IDP Mock Exam – Practice Online Confidently

Buying Options: