Question 1

Which scenario best illustrates the application of analysis-based risk as opposed to detection-based risk?

Options :

A : An endpoint protection tool triggers an alert for the detection of known malware on a workstation.

B : A threat hunter observes a consistent pattern of credential misuse across multiple endpoints after reviewing system logs.

C : A security tool flags an IP address for unusually high outbound traffic, leading to an investigation.

D : A firewall blocks an IP address based on a reputation feed identifying it as malicious.

Answer: B

Question 2

Your organization conducts weekly risk assessment meetings where a report on the top 10 riskiest users is required. To streamline this process, you want to schedule an automatic email delivery of the report every Monday at 9 AM. Which of the following steps is the correct way to set up a scheduled custom report in CrowdStrike?

Options :

A : Use the "Risk Assessment" dashboard to add a scheduler widget that sends reports automatically.

B : Export the report manually every Monday and share it with stakeholders via email.

C : Create a new report in the "Custom Reports" section, enable scheduling, and specify the delivery frequency and recipients.

D : Save the report as a template and enable email notifications for all dashboard changes.

Answer: C

Question 3

In the context of potential risk factors related to identity, what does the "Severity" component assess?

Options :

A : The number of identities impacted by a breach

B : The likelihood that a vulnerability will be exploited

C : The probability that an attack will occur

D : The impact of a potential security breach if the risk materializes

Answer: D

Question 4

An organization is implementing Falcon Identity Protection to enhance its security posture. Which of the following best describes how Falcon Identity Protection protects Active Directory (AD) environments?

Options :

A : It uses agentless technology to detect and prevent identity-based attacks in real time.

B : It replaces traditional AD with a cloud-based alternative, removing the need for AD management.

C : It integrates seamlessly with Multi-Factor Authentication (MFA) solutions to reduce phishing risks but does not monitor AD activities.

D : It disables all Service Principal Names (SPNs) to prevent Kerberos-based attacks.

Answer: A

Question 5

An organization wants to implement domain security measures to protect its Active Directory environment. Which goal from the domain security overview most directly contributes to the prevention of unauthorized access to privileged accounts?

Options :

A : Enforce least privilege access across all Active Directory accounts.

B : Enable audit logging for all user activities in the domain.

C : Deploy anti-virus solutions to all endpoints within the network.

D : Disable unused domain controllers to reduce the attack surface.

Answer: A