Free CrowdStrike CrowdStrike-IDP Exam Questions

Become CrowdStrike Certified with updated CrowdStrike-IDP exam questions and correct answers

Page: 1 / 60

Total 300 Questions | Updated On: Jan 13, 2025

Add To Cart

Question 1

While monitoring your CrowdStrike dashboard, you notice an incident that initially appeared as "Suspicious File Download" but was later escalated to "Malware Execution." To determine why the type changed and understand the incident’s progression, which action should you take?

A : Run a manual antivirus scan on the endpoint to verify the threat level.

B : Check if similar files were flagged in other incidents across your organization.

C : Review the incident’s activity history and associated event logs in the CrowdStrike platform.

D : Inspect the file properties and compare them with CrowdStrike’s threat intelligence database.

Answer: C

Question 2

According to the NIST SP 800-207 framework, which of the following is a key capability that a Zero Trust Architecture should provide?

A : Granting access to resources based on network location.

B : Allowing full access to the network for authorized users.

C : Continuous monitoring and visibility of all network traffic and user activity.

D : Trusting known devices indefinitely without reevaluation.

Answer: C

Question 3

Falcon Identity Protection introduces a log-free detection approach that differs from traditional Endpoint Detection and Response (EDR) solutions. Which of the following best describes a key advantage of Falcon Identity Protection’s log-free detection mechanism compared to traditional EDR solutions?

A : It completely replaces endpoint telemetry, making EDR solutions unnecessary for security operations.

B : It provides real-time identity threat detection without relying on endpoint logs, reducing latency in threat response.

C : It only works with Windows-based endpoints and does not support cross-platform environments.

D : It only detects threats within the organization’s network perimeter, making it ineffective against cloud-based identity threats.

Answer: B

Question 4

Your organization wants to set up a connector to integrate CrowdStrike with its SIEM solution. Before proceeding, you need to locate the official documentation to guide the configuration process. Where should you look to find the most accurate and up-to-date connector setup documentation for this integration?

A : CrowdStrike Community Forum

B : CrowdStrike Developer Portal

C : Third-Party Security Blogs

D : CrowdStrike Falcon Console Help Section

Answer: D

Question 5

You are tasked with generating a custom report in CrowdStrike to assist in planning a risk mitigation strategy. The report must focus on accounts exhibiting high-risk behaviors, such as excessive failed logins or abnormal activity patterns. Which configuration would best achieve this goal?

A : Filter by "Login Success Rate" and exclude all accounts with 100% successful logins.

B : Focus on accounts with password changes in the past 7 days to identify potential credential leaks.

C : Add a filter for "Behavior: Abnormal Activity" and display columns for "Risk Score" and "Event Count."

D : Include only accounts with MFA enabled to narrow the focus of the report.

Answer: C

Page: 1 / 60

Total 300 Questions | Updated On: Jan 13, 2025

Add To Cart