Exam CCFA topic 1 question 245 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 245
Topic #: 1

During a simulated training exercise with your security team, an analyst used Falcon to network contain a host. It was then discovered that containing this specific host interrupted some key business processes and resulted in lost revenue.

As the Falcon Administrator, what can be done to prevent this interruption in the future?

  • A. Collaborate with the firewall engineers so that in the future, network containment would only deny external IP addresses and no internal IP addresses
  • B. Configure your containment policy to allow the IP addresses for those key business processes so that your hosts will be allowed to communicate with them, even if those hosts are contained
  • C. Add this Falcon host to your deny list so that it is never able to be network contained again
  • D. Educate the analyst so they can understand and memorize which hosts are safe to network contain, and which would cause harm if contained
Suggested Answer: B

Comments

CiscoNoahexamtopic
1 week, 6 days ago
Selected Answer: B
B is correct. To prevent key internal systems from being blocked when a host is network‐contained, you should configure your Containment Policy to allow those specific IP addresses. In Falcon, this is done by creating a Containment Policy that includes an allowlist of the critical internal IPs—so even when a host is contained, it can still communicate with those systems for patching or business needs.
upvoted 1 times