Question 1

During a security review, a CrowdStrike Falcon Identity Threat Detection alert is triggered for a high-risk user attempting to access a sensitive application from an unusual geographic location. As a security analyst, you need to investigate the incident further using available pivots in the CrowdStrike console. Which of the following actions is the most appropriate first step for an identity-based investigation?

Options :

A : Export all user activity logs to an external SIEM for additional analysis.

B : Initiate an account lockout to prevent further access attempts.

C : Review the user-s historical behavior to identify baseline deviations.

D : Analyze global login trends for all users to identify systemic issues.

Answer: C

Question 2

Your organization conducts weekly risk assessment meetings where a report on the top 10 riskiest users is required. To streamline this process, you want to schedule an automatic email delivery of the report every Monday at 9 AM. Which of the following steps is the correct way to set up a scheduled custom report in CrowdStrike?

Options :

A : Use the "Risk Assessment" dashboard to add a scheduler widget that sends reports automatically.

B : Export the report manually every Monday and share it with stakeholders via email.

C : Create a new report in the "Custom Reports" section, enable scheduling, and specify the delivery frequency and recipients.

D : Save the report as a template and enable email notifications for all dashboard changes.

Answer: C

Question 3

Your organization has a group of third-party vendor accounts with access to non-sensitive internal systems. These accounts are monitored but do not have MFA enabled. Recent logs show unusual but non-malicious login patterns from different regions. Based on the categories of entity risk, how should this group be classified?

Options :

A : Low Risk: The accounts access non-sensitive systems, and no malicious activity has been detected.

B : Medium Risk: The unusual login patterns and lack of MFA elevate the risk slightly.

C : High Risk: Unusual login patterns indicate a likely compromise of these accounts.

D : High Risk: Third-party accounts always represent a severe risk due to external control.

Answer: B

Question 4

A company is setting up an Identity-as-a-Service (IDaaS) platform to centralize identity management and streamline Single Sign-On (SSO) for its employees. During configuration, the IT administrator must ensure that applications integrated with the IDaaS platform enforce role-based access control (RBAC). Which configuration step is essential to achieve this?

Options :

A : Enable adaptive authentication for all users.

B : Synchronize user attributes and roles from the organization-s directory service.

C : Require mandatory approval workflows for every new account creation.

D : Configure application-specific access rules directly in each application.

Answer: B

Question 5

The NIST Special Publication 800-207 defines a Zero Trust Architecture (ZTA) to enhance security through continuous verification and least privilege principles. According to this framework, which of the following best describes a key characteristic of Zero Trust?

Options :

A : Firewalls and VPNs alone are sufficient to establish Zero Trust security.

B : Zero Trust is an optional security approach that applies only to cloud-based architectures.

C : Implicit trust is granted to users and devices within the corporate network once authenticated.

D : Authentication and authorization are enforced at every access request, regardless of the network location.

Answer: D

Free CrowdStrike-IDP Mock Exam – Practice Online Confidently

Buying Options: