Question 1

After identifying excessive permissions and missing MFA in IAM configurations, which remediation strategy is most aligned with CrowdStrike CIEM’s recommendations?

Options :

A : Delete all accounts flagged by CIEM’s Identity Analyzer.

B : Enable MFA and implement least privilege access policies for the flagged accounts.

C : Revoke all permissions from the identified accounts.

D : Transfer ownership of flagged accounts to a different administrator.

Answer: B

Question 2

When creating an API client for cloud account integration in CrowdStrike Falcon, which of the following is a required step?

Options :

A : Generate a public-private key pair and upload the private key to Falcon

B : Assign specific API scopes to limit the client-s access

C : Grant the API client administrator privileges to all cloud accounts

D : Configure the API client to use legacy authentication methods

Answer: B

Question 3

You are setting up CrowdStrike to assess images in your container registry. What is the first step to establish a connection for image scanning?

Options :

A : Enable automatic image scanning in the image registry without additional configuration.

B : Register the image registry’s credentials in the CrowdStrike Falcon console.

C : Enable CrowdStrike image scanning through the cloud provider’s default security settings.

D : Configure an API key in the CrowdStrike Falcon console and provide it to the image registry.

Answer: B

Question 4

What happens to the data and alerts linked to a cloud account after it is deprovisioned from the Falcon console?

Options :

A : All data and alerts associated with the account are immediately and permanently deleted.

B : Data is archived for 30 days and then permanently deleted.

C : Historical data and alerts remain accessible, but new data collection stops.

D : The cloud account-s data remains visible only if the account is re-registered within 7 days.

Answer: C

Question 5

What is the recommended action after CrowdStrike Falcon identifies a potentially malicious network connection in a containerized workload?

Options :

A : Rely on cloud provider firewall logs to verify the nature of the connection.

B : Re-scan the container image used by the workload to identify vulnerabilities.

C : Automatically restart the affected container to terminate the malicious connection.

D : Block the container-s network access and perform a forensic investigation of the workload.

Answer: D