Question 1

How does Falcon Identity Protection enhance a security model focused on Zero Trust principles in a domain environment?

Options :

A : By monitoring and restricting lateral movement through identity-based threat detection

B : By encrypting all network traffic within the domain

C : By automating access control policies for cloud-based applications

D : By replacing traditional firewalls and antivirus solutions

Answer: A

Question 2

An organization detects a surge in failed login attempts across several user accounts. Most of these accounts belong to employees who are not currently on active projects. The CrowdStrike platform flags multiple accounts with medium risk scores. What should the analyst do to prioritize user assessment and mitigate potential threats?

Options :

A : Focus on accounts with medium risk scores and investigate further activity patterns

B : Reset the passwords for all inactive accounts to prevent compromise

C : Ignore the flagged accounts since the risk score is not high

D : Perform a bulk audit of all employee accounts regardless of activity level

Answer: A

Question 3

Falcon Identity Protection plays a critical role in an organization’s security model by addressing identity-based threats. Where does Falcon Identity Protection fit within the broader security framework?

Options :

A : It enhances security by providing real-time monitoring and enforcement for authentication and authorization events.

B : It functions as a standalone tool that does not integrate with other CrowdStrike security products.

C : It replaces traditional endpoint protection solutions by focusing solely on identity security.

D : It is an alternative to multi-factor authentication (MFA) solutions rather than a complement to them.

Answer: A

Question 4

A company uses a scheduled task to run a proprietary script, DailyReportGenerator.ps1, which is repeatedly flagged by CrowdStrike as suspicious. The security team has verified that the task is safe and wants to prevent further detections while ensuring monitoring remains active for all other scheduled tasks. How should the team add an appropriate detection exclusion in CrowdStrike?

Options :

A : Add an exception for the specific scheduled task by its name and command-line arguments.

B : Create a detection exclusion for the hash of DailyReportGenerator.ps1.

C : Add a process exclusion for powershell.exe across all endpoints.

D : Exclude all scheduled tasks from detection alerts.

Answer: A

Question 5

According to the NIST SP 800-207 framework, which of the following is a key capability that a Zero Trust Architecture should provide?

Options :

A : Granting access to resources based on network location.

B : Allowing full access to the network for authorized users.

C : Continuous monitoring and visibility of all network traffic and user activity.

D : Trusting known devices indefinitely without reevaluation.

Answer: C