Question 1

The Risk Analysis dashboard shows that a domain in the organization has a high number of risks categorized as “Critical.” The security team needs to decide on the next steps to mitigate these risks effectively. They ask for advice on how to interpret the data and act accordingly. How should the security team prioritize their actions using the Risk Analysis dashboard?

Options :

A : Address all "Critical" risks first, as these represent the highest priority vulnerabilities or threats.

B : Investigate only risks flagged within the last 24 hours to address recent threats.

C : Focus on "Low" risks to resolve the maximum number of issues quickly and improve the overall risk score.

D : Prioritize risks related to misconfigurations, as they are easier to remediate compared to vulnerabilities.

Answer: A

Question 2

Falcon Identity Protection introduces a log-free detection approach that differs from traditional Endpoint Detection and Response (EDR) solutions. Which of the following best describes a key advantage of Falcon Identity Protection’s log-free detection mechanism compared to traditional EDR solutions?

Options :

A : It completely replaces endpoint telemetry, making EDR solutions unnecessary for security operations.

B : It provides real-time identity threat detection without relying on endpoint logs, reducing latency in threat response.

C : It only works with Windows-based endpoints and does not support cross-platform environments.

D : It only detects threats within the organization’s network perimeter, making it ineffective against cloud-based identity threats.

Answer: B

Question 3

Which of the following behaviors is most likely to increase a user’s identity risk score?

Options :

A : Accessing sensitive data during business hours from a corporate device.

B : Using a personal email address for MFA verification.

C : Repeated failed login attempts within a short timeframe.

D : Logging in from a new geographic location.

Answer: C

Question 4

Your organization has a group of third-party vendor accounts with access to non-sensitive internal systems. These accounts are monitored but do not have MFA enabled. Recent logs show unusual but non-malicious login patterns from different regions. Based on the categories of entity risk, how should this group be classified?

Options :

A : Low Risk: The accounts access non-sensitive systems, and no malicious activity has been detected.

B : Medium Risk: The unusual login patterns and lack of MFA elevate the risk slightly.

C : High Risk: Unusual login patterns indicate a likely compromise of these accounts.

D : High Risk: Third-party accounts always represent a severe risk due to external control.

Answer: B

Question 5

Which of the following best aligns with implementing Zero Trust Architecture to protect an organization’s resources?

Options :

A : Establishing a Perimeter Firewall with Intrusion Detection

B : Implementing Role-Based Access Control (RBAC) Combined with Multi-Factor Authentication (MFA)

C : Segmenting the Network Based on Traditional VLANs

D : Relying Solely on Endpoint Security Software

Answer: B