Question 1

After identifying an account with unnecessary access privileges using the CrowdStrike CIEM/Identity Analyzer, what is the best action to mitigate risks?

Options :

A : Transfer the account-s permissions to a shared admin account for operational efficiency.

B : Delete all permissions for the account immediately.

C : Downgrade permissions to "read-only" for all resources.

D : Implement the principle of least privilege by aligning permissions with the account-s actual usage.

Answer: D

Question 2

While editing the cloud security posture policy in Falcon to enhance compliance with industry standards, you notice a rule that detects misconfigured IAM roles in your AWS environment. What action should you configure for this rule to prevent unauthorized access effectively?

Options :

A : Set the action to "Alert" and notify the security operations team.

B : Enable auto-remediation to delete all misconfigured IAM roles immediately.

C : Add a condition to the rule requiring all IAM roles to use least-privilege policies.

D : Set the action to "Monitor Only" to track usage of the misconfigured roles.

Answer: C

Question 3

Which of the following is the most critical step when configuring an automated remediation workflow in Falcon Fusion for AWS findings?

Options :

A : Configure the workflow to delete all flagged resources immediately upon detection.

B : Integrate AWS Security Hub with Falcon Fusion to detect findings.

C : Set up appropriate triggers and actions for specific AWS findings.

D : Ensure IAM roles in AWS grant unrestricted access for remediation actions.

Answer: C

Question 4

Which feature of the CrowdStrike Identity Analyzer enables administrators to determine the last time a specific user changed their password across the cloud infrastructure?

Options :

A : Last Password Change Tracker

B : Password Policy Manager

C : Identity Change Log

D : Access Key Analyzer

Answer: A

Question 5

After identifying a risky Azure Service Principal using the CrowdStrike CIEM/Identity Analyzer, what is the most appropriate action to mitigate the risk?

Options :

A : Immediately delete the Service Principal and its associated secrets.

B : Assign the Service Principal an "Owner" role for temporary troubleshooting purposes.

C : Rotate the Service Principal-s credentials and reduce its permissions to the minimum necessary.

D : Replace the Service Principal with a managed identity to eliminate credential-related risks.

Answer: C