Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Crowdstrike Discussions

Exam CCFA topic 1 question 17 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 17
Topic #: 1
[All CCFA Questions]

Which of the following applies to Custom Blocking Prevention Policy settings?

  • A. Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
  • B. Blocklisting applies to hashes, IP addresses, and domains
  • C. Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary
  • D. You can only blocklist hashes via the API
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by plantvast at Jan. 20, 2023, 4:11 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
diegofretesc
6 months, 1 week ago
Selected Answer: A
A is correct
upvoted 1 times
...
Manuneethi
9 months, 1 week ago
A is correct : Custom Blocking enables blocklisting by hash, via hashes you add to IOC Management with the option set to Block.
upvoted 1 times
...
sbag0024
10 months, 1 week ago
Selected Answer: C
C? bad question imo.
upvoted 1 times
...
MSKid
10 months, 3 weeks ago
Selected Answer: A
Sounds like A to me: Falcon allows you to upload hashes from your own black or white lists. To enabled this navigate to the Configuration App, Prevention hashes window, and click on “Upload Hashes” in the upper right-hand corner. Note that you can also automate the task of importing hashes with the CrowdStrike Falcon® API.
upvoted 1 times
...
FerbOP
12 months ago
Selected Answer: C
C is correct - Block processes matching hashes that you add to IOC Management with action Block
upvoted 1 times
...
3xploit
1 year ago
Selected Answer: A
https://www.crowdstrike.com/blog/tech-center/how-to-prevent-malware-with-custom-blacklisting/ A for me
upvoted 2 times
...
im2ca
1 year ago
Selected Answer: D
AUTO, N-1, N-2
upvoted 2 times
...
testmailuc
1 year, 1 month ago
Selected Answer: A
Check here: https://www.crowdstrike.com/blog/tech-center/how-to-prevent-malware-with-custom-blacklisting/
upvoted 1 times
...
Jek88
1 year, 2 months ago
C is the correct answer.
upvoted 2 times
testmailuc
1 year, 1 month ago
https://www.crowdstrike.com/blog/tech-center/how-to-prevent-malware-with-custom-blacklisting/
upvoted 1 times
...
...
kgbac
1 year, 2 months ago
Prevention policies don't block custom IOC management you can add link to custom IOA rules. That mean C is the correct answer.
upvoted 2 times
testmailuc
1 year, 1 month ago
https://www.crowdstrike.com/blog/tech-center/how-to-prevent-malware-with-custom-blacklisting/
upvoted 1 times
...
...
ShuliAbba
1 year, 2 months ago
@plantvast - I think you might be wrong because you cannot block IPs and domains, only hashes in the IOC + as written in the policy section "Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
upvoted 1 times
plantvast
1 year, 2 months ago
You can actually add hashes, domains and IP addresses on IOC management. Navigate to the page in Falcon and attempt to a new indicator and the options will appear.
upvoted 1 times
ShuliAbba
1 year, 2 months ago
you are right and wrong my friend, adding IPs and domains in the IOC is indeed possible, but not with "block" action on them - only "detect" or "no action".
upvoted 2 times
ShuliAbba
1 year, 2 months ago
from the "Custom Blocking" policy section - "Block processes matching hashes that you add to IOC Management with the action set to "Block" or "Block, hide detection".
upvoted 2 times
...
...
...
...
plantvast
1 year, 3 months ago
Selected Answer: B
Custom blocking in prevention policies referes to hashes, ips, and domains added to IOC Management.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel