Question 1

Which method is most effective for identifying Indicators of Attack (IOAs) in a cloud-native environment?

Options :

A : Implement runtime monitoring via Kubernetes native tools such as kube-audit

B : Utilize CrowdStrike’s integration with cloud-native APIs for IOA detection

C : Deploy a CrowdStrike Falcon sensor on all endpoints

D : Rely on cloud provider security tools like AWS GuardDuty or Azure Security Center

Answer: B

Question 2

Which of the following is the most critical step when configuring an automated remediation workflow in Falcon Fusion for AWS findings?

Options :

A : Configure the workflow to delete all flagged resources immediately upon detection.

B : Integrate AWS Security Hub with Falcon Fusion to detect findings.

C : Set up appropriate triggers and actions for specific AWS findings.

D : Ensure IAM roles in AWS grant unrestricted access for remediation actions.

Answer: C

Question 3

When creating an API client for cloud account integration in CrowdStrike Falcon, which of the following is a required step?

Options :

A : Generate a public-private key pair and upload the private key to Falcon

B : Assign specific API scopes to limit the client-s access

C : Grant the API client administrator privileges to all cloud accounts

D : Configure the API client to use legacy authentication methods

Answer: B

Question 4

A security team has identified an outdated Kubernetes Admission Controller policy in Falcon Cloud Security that enforces image signing requirements for container workloads. They need to update the policy to align with new organizational guidelines. What is the most appropriate way to edit this policy?

Options :

A : Disable the existing policy in Falcon Cloud Security and replace it with a new Kubernetes ConfigMap.

B : Export the existing policy as a YAML file, edit it locally, and re-import it to Falcon Cloud Security.

C : Modify the existing policy directly in the Falcon Cloud Security Console.

D : Delete the current policy and create a new one from scratch.

Answer: C

Question 5

What is the recommended action after CrowdStrike Falcon identifies a potentially malicious network connection in a containerized workload?

Options :

A : Rely on cloud provider firewall logs to verify the nature of the connection.

B : Re-scan the container image used by the workload to identify vulnerabilities.

C : Automatically restart the affected container to terminate the malicious connection.

D : Block the container-s network access and perform a forensic investigation of the workload.

Answer: D