You have 100 hashes that have been prohibited by management and need to be blocked within your organization.
Using Falcon, what is the best way to accomplish this?
A.
Navigate to Configure > IOC Management. Inside this dashboard, add a custom Prevention Policy. Add the list of hashes. Set the action to Block. Verify the policy includes Custom Execution Blocking.
B.
Navigate to Configure > Prevention policies. Inside this dashboard, add an IOC Policy. Add the list of hashes as CSV file. Set the action to “Block." Verify the option for Custom Execution Blocking is active.
C.
Navigate to Configure > IOC Management. Inside this dashboard, add a custom IOAdd the list of hashes. Set the action to Block. Verify the prevention policy includes Custom Blocking under Execution Blocking.
D.
Navigate to Configure > Prevention policies. Inside this dashboard, add an IOC Policy. Add the list of hashes as a CSV file. Set the action to “Block and Alert.” Verify the option for Custom Blocking inside Execution Blocking is active.
C is correct
to create has list for test you can use
Get-ChildItem | Get-FileHash
inside the folder contain bunch of file save Hashs as csv.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CCFA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
CiscoNoahexamtopic
1 week, 6 days ago