ExamTopics Logo
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFA All Questions

View all questions & answers for the CCFA exam
Go to Exam

Exam CCFA topic 1 question 230 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 230
Topic #: 1
[All CCFA Questions]

A host has been Network contained with Falcon and you have been asked to update the Operating System with zero day patches. You have tried using your patch update systems for this task, but the jobs fail.

Which configuration steps in the Falcon UI will allow these activities?

  • A. Create a Containment Policy that allow lists the specific IP addresses of your patch management tools
  • B. Create a Containment Policy that allow lists the Fully Qualified name of your patch management tools
  • C. Remove Host containment and update the host with all patches
  • D. Create a Firewall Policy that allow lists your patch management tools
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by CiscoNoahexamtopic at June 4, 2025, 2:30 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
aN0omY
1 week, 4 days ago
Selected Answer: A
This question sucks because it could be A or B but I think it's A because containment policy you can explicitly add ip addresses as per documentation
upvoted 1 times
...
CiscoNoahexamtopic
1 week, 5 days ago
Selected Answer: A
The key is to configure a Containment Policy that explicitly allow‐lists the IP addresses of your patch management tools. By doing so, even when a host is network contained, it will still be permitted to reach those IPs to download and apply patches.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel