Answer is A (However I initially thought C) - Under Endpoint Security > IOC Management > Add Indicators, you can add Hashes, Domains, and IPs. However! - IPs: You are unable to block IP addresses and can only detect or no action. - Domains: You are unable to block IP addresses and can only detect or no action.

Yo creo que la respuesta es A, ya que con IOC no se puede bloquear. Solo detectar o no tomar accion.

Answer is A. IOC management only allows "Detect only" and "No Action" among the possible actions. Therefore, it cannot be used to block based on IPs or domains. Custom IOA Rule groups allow to create rule types based on Network Connection (configuring a remote IP address) and domains, and gives the options to "Monitor", "Detect" and "Kill Process", being the late one the closest to "block". So, C is discarded because IOc does not block, and A might be the correct answer, despite not having a "block" option.

C is Exactly Correct according to CS Falcon and there is 5 options under IOC Management to in the right side corner one buttton having : Add Hashes, Domain, IP Addresses, Import with Metadata, see Audit Log. Better before sitting for CCFA-200 Exam, verify the options under CS Console or CS Documentation.

A seems correct though the IOA option in the UI is to "kill" the process. There is not a way to block.

A is correct. Custom IOA rule group can be used to block process associated with IP and domain

You can add domains to IOC management but the only actions are Detect only or no action therefore the answer is A an IOA rule should be used to block it

we can't block IP's in IOC management but we could block domains only for mobile devices. Since question is generic, Answer is A

The Answer is C ! Tested in CS (Hash/Domain /IP)

The A is the right answer. The only available actions for domains and IPs are Detect only and No action, so it is not possible to prevent them. Only hashes can be blocked with the use of IOCs.

Option A is the right one, you can add ip, domains and hashes in IOC's but cant take any action other then detect or No action. To block them IOA rule is required where kill process will act as a BLOCK

Hello guys, it's C but on cloud EU it's not possible for IP and domain unfortunately. On US cloud yes it's possible.

Checked on Falcon, Answer is C

A is the correct answer

you can't block this IP address on Falcon

I agree to ShuliAbba, there is no block action if you will add a domain or IP in IOC management. In IOA you can create rules for Domain or IP that could detect and Kill Process (meaning blocked)

Wrong!! - the correct answer is A. you can only block hashes in the IOC, the rest can be blocked via IOA.