Question 1

Your organization has a group of third-party vendor accounts with access to non-sensitive internal systems. These accounts are monitored but do not have MFA enabled. Recent logs show unusual but non-malicious login patterns from different regions. Based on the categories of entity risk, how should this group be classified?

Options :

A : Low Risk: The accounts access non-sensitive systems, and no malicious activity has been detected.

B : Medium Risk: The unusual login patterns and lack of MFA elevate the risk slightly.

C : High Risk: Unusual login patterns indicate a likely compromise of these accounts.

D : High Risk: Third-party accounts always represent a severe risk due to external control.

Answer: B

Question 2

How does Falcon Identity Protection enhance a security model focused on Zero Trust principles in a domain environment?

Options :

A : By monitoring and restricting lateral movement through identity-based threat detection

B : By encrypting all network traffic within the domain

C : By automating access control policies for cloud-based applications

D : By replacing traditional firewalls and antivirus solutions

Answer: A

Question 3

Your organization uses multiple CrowdStrike instances for different departments, and you need to ensure consistent configuration across all environments. Which feature should you use to synchronize policy and configuration settings between instances?

Options :

A : Global API Token

B : Policy Export/Import

C : Connector Templates

D : Threat Intelligence Subscription

Answer: B

Question 4

Your security team is implementing honeytoken accounts to detect potential credential misuse in your organization. Which of the following is the best approach for creating and managing honeytoken accounts?

Options :

A : Disable honeytoken accounts after creation to avoid accidental usage.

B : Ensure that honeytoken accounts are identical to standard user accounts and log their activity daily.

C : Create accounts that resemble legitimate users but are configured to alert on any usage.

D : Use accounts with administrative privileges and ensure they are regularly accessed by administrators.

Answer: C

Question 5

A security analyst at your organization wants to enforce multi-factor authentication (MFA) for users flagged as "high-risk" by CrowdStrike Identity Protection. To streamline the process, they decide to create a custom workflow in Falcon Fusion. Which of the following steps correctly describes how they should proceed?

Options :

A : In the Falcon Fusion module, select the "Workflow Templates" section and modify an existing template for MFA enforcement.

B : Access the Falcon Fusion module, create a new workflow, select "Custom Workflow", and configure a trigger for high-risk user events.

C : Open the Falcon Identity Dashboard, locate the high-risk users, and manually assign them to an MFA policy.

D : Navigate to the "Policies" section in Falcon Console and create an MFA policy under the "Identity Protection" tab.

Answer: B