Question 1

You need to use the Falcon Fusion GraphQL API to retrieve login events for a specific user, identified by their email address, and only include events where the status is "success." How should you structure this query?

Options :

A : Use the getLoginEvents query with a user_email filter and a status filter set to "success".

B : Use the getLoginDetails query with a username filter and a filter for "successful" logins.

C : Use the getUserLoginActivity mutation with a user_id and status set to "success".

D : Use the queryLoginEvents mutation with a user_email field and a status of "successful".

Answer: A

Question 2

An organization detects a surge in failed login attempts across several user accounts. Most of these accounts belong to employees who are not currently on active projects. The CrowdStrike platform flags multiple accounts with medium risk scores. What should the analyst do to prioritize user assessment and mitigate potential threats?

Options :

A : Focus on accounts with medium risk scores and investigate further activity patterns

B : Reset the passwords for all inactive accounts to prevent compromise

C : Ignore the flagged accounts since the risk score is not high

D : Perform a bulk audit of all employee accounts regardless of activity level

Answer: A

Question 3

How does Falcon Identity Protection enhance a security model focused on Zero Trust principles in a domain environment?

Options :

A : By monitoring and restricting lateral movement through identity-based threat detection

B : By encrypting all network traffic within the domain

C : By automating access control policies for cloud-based applications

D : By replacing traditional firewalls and antivirus solutions

Answer: A

Question 4

Your organization conducts weekly risk reviews, and the security team needs an automated report summarizing "Anomalous Logon Activities" for all privileged accounts. The report should be scheduled to run every Friday and emailed directly to the team. What configuration should you use to schedule the custom report to meet these requirements?

Options :

A : Use the Reports tab to schedule a weekly report with filters for "Privileged Account" and "Anomalous Logon Activities", and configure email delivery.

B : Configure a new dashboard view with the required filters and rely on the team to manually check it every Friday.

C : Export the audit logs every Friday, filter them for anomalies, and manually email the team.

D : Set up a filter for "Anomalous Logon Activities" in the Event Analysis dashboard, and manually export it every Friday.

Answer: A

Question 5

Your organization has a group of third-party vendor accounts with access to non-sensitive internal systems. These accounts are monitored but do not have MFA enabled. Recent logs show unusual but non-malicious login patterns from different regions. Based on the categories of entity risk, how should this group be classified?

Options :

A : Low Risk: The accounts access non-sensitive systems, and no malicious activity has been detected.

B : Medium Risk: The unusual login patterns and lack of MFA elevate the risk slightly.

C : High Risk: Unusual login patterns indicate a likely compromise of these accounts.

D : High Risk: Third-party accounts always represent a severe risk due to external control.

Answer: B