Question 1

A security team is tasked with creating an image assessment policy in the Falcon Cloud to scan container images for vulnerabilities before deployment. Which of the following configurations is required to ensure the policy works as intended?

Options :

A : Enable the "Audit Mode" to enforce runtime image assessment.

B : Enable the "Real-time Scanning" option to automatically block all unscanned images.

C : Assign the policy to a specific Kubernetes namespace only.

D : Specify the severity levels (e.g., Critical, High, Medium) for vulnerabilities to flag.

Answer: D

Question 2

What is the primary step required to deprovision a cloud account from Falcon in the CrowdStrike platform?

Options :

A : Disable the cloud account integration in the Falcon console under the "Cloud Accounts" tab.

B : Delete the cloud account directly from the cloud provider-s console to automatically deprovision it from Falcon.

C : Remove all workloads and endpoints linked to the cloud account before attempting to deprovision it.

D : Revoke the API client credentials associated with the cloud account in the "API Clients and Keys" section.

Answer: A

Question 3

After identifying an account with unnecessary access privileges using the CrowdStrike CIEM/Identity Analyzer, what is the best action to mitigate risks?

Options :

A : Transfer the account-s permissions to a shared admin account for operational efficiency.

B : Delete all permissions for the account immediately.

C : Downgrade permissions to "read-only" for all resources.

D : Implement the principle of least privilege by aligning permissions with the account-s actual usage.

Answer: D

Question 4

Which of the following steps is required to configure a cloud account using APIs for integration with CrowdStrike Falcon?

Options :

A : Manually deploy CrowdStrike agents on all workloads before registering the account via APIs.

B : Provide read-only API access to the Falcon platform for monitoring and reporting.

C : Directly upload API credentials to the CrowdStrike Falcon Console without generating an API client.

D : Generate an API client with appropriate permissions and use it to authenticate and register the cloud account.

Answer: D

Question 5

What is the recommended action after CrowdStrike Falcon identifies a potentially malicious network connection in a containerized workload?

Options :

A : Rely on cloud provider firewall logs to verify the nature of the connection.

B : Re-scan the container image used by the workload to identify vulnerabilities.

C : Automatically restart the affected container to terminate the malicious connection.

D : Block the container-s network access and perform a forensic investigation of the workload.

Answer: D