Question 1

While editing the cloud security posture policy in Falcon to enhance compliance with industry standards, you notice a rule that detects misconfigured IAM roles in your AWS environment. What action should you configure for this rule to prevent unauthorized access effectively?

Options :

A : Set the action to "Alert" and notify the security operations team.

B : Enable auto-remediation to delete all misconfigured IAM roles immediately.

C : Add a condition to the rule requiring all IAM roles to use least-privilege policies.

D : Set the action to "Monitor Only" to track usage of the misconfigured roles.

Answer: C

Question 2

After identifying a risky Azure Service Principal using the CrowdStrike CIEM/Identity Analyzer, what is the most appropriate action to mitigate the risk?

Options :

A : Immediately delete the Service Principal and its associated secrets.

B : Assign the Service Principal an "Owner" role for temporary troubleshooting purposes.

C : Rotate the Service Principal-s credentials and reduce its permissions to the minimum necessary.

D : Replace the Service Principal with a managed identity to eliminate credential-related risks.

Answer: C

Question 3

Which of the following is the most critical step when configuring an automated remediation workflow in Falcon Fusion for AWS findings?

Options :

A : Configure the workflow to delete all flagged resources immediately upon detection.

B : Integrate AWS Security Hub with Falcon Fusion to detect findings.

C : Set up appropriate triggers and actions for specific AWS findings.

D : Ensure IAM roles in AWS grant unrestricted access for remediation actions.

Answer: C

Question 4

You are registering a new AWS account with CrowdStrike Falcon, but the process fails with an error stating:

"Insufficient permissions for role ARN."

What is the most likely cause of this issue?

Options :

A : The IAM role created for the account lacks the required policies for CrowdStrike integration.

B : The AWS account is already registered with another CrowdStrike instance.

C : The CrowdStrike Falcon sensor is not installed on the EC2 instances in the account.

D : Multi-factor authentication (MFA) is disabled on the AWS account.

Answer: A

Question 5

What is the primary action required to enable runtime protection for containers in a cloud environment using CrowdStrike Falcon?

Options :

A : Install the Falcon sensor inside each running container.

B : Update the container runtime (e.g., Docker or containerd) to the latest version.

C : Enable the runtime protection policy within the Falcon console and assign it to a host group.

D : Deploy the Falcon Container Sensor to the host running the container.

Answer: C

Smartly Prepare Exam with Free Online CrowdStrike-Cloud Practice Test

Buying Options: