Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 1 Question 17 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 17
Topic #: 1
[All CCFR-201 Questions]

What happens when a hash is set to Always Block through IOC Management?

Show Suggested Answer Hide Answer
Suggested Answer: A

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, IOC Management allows you to manage indicators of compromise (IOCs), which are artifacts such as hashes, IP addresses, or domains that are associated with malicious activities2.You can set different actions for IOCs, such as Allow, No Action, or Always Block2.When you set a hash to Always Block through IOC Management, you are preventing that file from executing on any host in your organization by default2.This action also generates a detection alert when the file is blocked2.


by Edison at Jul 04, 2024, 08:53 PM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Celia
5 months ago
Blocking hashes? Sounds like a job for the Hash Busters! Wait, is that not a thing? Dang, guess I'll have to settle for option B then.
upvoted 0 times
...
Novella
5 months ago
Ah, the age-old question of hash blocking. Option A sounds like the safest bet to me - full execution prevention on all hosts. Can't be too careful these days, am I right?
upvoted 0 times
...
Cherry
5 months ago
I think the correct answer is C) Execution is prevented and detection alerts are suppressed. This way, it's more targeted and stealthy.
upvoted 0 times
...
Jacqueline
5 months ago
This is a tough one, but I reckon option D is the way to go. Gotta get those Falcon specialists to double-check before blocking anything, right?
upvoted 0 times
Gertude
4 months ago
Definitely, we don't want to accidentally block something important.
upvoted 0 times
...
Audry
4 months ago
I agree, it's important to make sure before blocking anything.
upvoted 0 times
...
Markus
4 months ago
Yeah, it's always good to have specialists confirm before taking action.
upvoted 0 times
...
Tamar
4 months ago
I think option D is the best choice too. Better safe than sorry.
upvoted 0 times
...
Stephaine
5 months ago
Yeah, it's better to be cautious and have the specialists confirm before blocking.
upvoted 0 times
...
Raymon
5 months ago
I agree, option D seems like the safest choice.
upvoted 0 times
...
...
Samira
5 months ago
Hmm, that makes sense too. It could be to limit the impact of blocking.
upvoted 0 times
...
Geoffrey
5 months ago
I believe it's actually execution is prevented on selected host groups, not all hosts.
upvoted 0 times
...
Erick
5 months ago
Hmm, I'm guessing option C is the way to go here. Execution prevented and no pesky alerts? Sign me up!
upvoted 0 times
...
Samira
5 months ago
I think when a hash is set to Always Block, execution is prevented on all hosts by default.
upvoted 0 times
...
Richelle
5 months ago
Whoa, this one's a tricky one! If I set a hash to Always Block, it better not let that thing execute on any of my hosts. Gotta keep those nasties out, you know?
upvoted 0 times
Elfriede
4 months ago
C) Execution is prevented and detection alerts are suppressed
upvoted 0 times
...
Regenia
4 months ago
A) Execution is prevented on all hosts by default
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77