Free CrowdStrike CrowdStrike-IDP Exam Questions

Become CrowdStrike Certified with updated CrowdStrike-IDP exam questions and correct answers

Page: 1 / 60

Total 300 Questions | Updated On: Oct 29, 2025

Add To Cart

Question 1

Which of the following best aligns with implementing Zero Trust Architecture to protect an organization’s resources?

A : Establishing a Perimeter Firewall with Intrusion Detection

B : Implementing Role-Based Access Control (RBAC) Combined with Multi-Factor Authentication (MFA)

C : Segmenting the Network Based on Traditional VLANs

D : Relying Solely on Endpoint Security Software

Answer: B

Question 2

Which of the following behaviors is most likely to increase a user’s identity risk score?

A : Accessing sensitive data during business hours from a corporate device.

B : Using a personal email address for MFA verification.

C : Repeated failed login attempts within a short timeframe.

D : Logging in from a new geographic location.

Answer: C

Question 3

Your organization has a group of third-party vendor accounts with access to non-sensitive internal systems. These accounts are monitored but do not have MFA enabled. Recent logs show unusual but non-malicious login patterns from different regions. Based on the categories of entity risk, how should this group be classified?

A : Low Risk: The accounts access non-sensitive systems, and no malicious activity has been detected.

B : Medium Risk: The unusual login patterns and lack of MFA elevate the risk slightly.

C : High Risk: Unusual login patterns indicate a likely compromise of these accounts.

D : High Risk: Third-party accounts always represent a severe risk due to external control.

Answer: B

Question 4

Your security team is implementing honeytoken accounts to detect potential credential misuse in your organization. Which of the following is the best approach for creating and managing honeytoken accounts?

A : Disable honeytoken accounts after creation to avoid accidental usage.

B : Ensure that honeytoken accounts are identical to standard user accounts and log their activity daily.

C : Create accounts that resemble legitimate users but are configured to alert on any usage.

D : Use accounts with administrative privileges and ensure they are regularly accessed by administrators.

Answer: C

Question 5

During a security review, a CrowdStrike Falcon Identity Threat Detection alert is triggered for a high-risk user attempting to access a sensitive application from an unusual geographic location. As a security analyst, you need to investigate the incident further using available pivots in the CrowdStrike console. Which of the following actions is the most appropriate first step for an identity-based investigation?

A : Export all user activity logs to an external SIEM for additional analysis.

B : Initiate an account lockout to prevent further access attempts.

C : Review the user's historical behavior to identify baseline deviations.

D : Analyze global login trends for all users to identify systemic issues.

Answer: C

Page: 1 / 60

Total 300 Questions | Updated On: Oct 29, 2025

Add To Cart