During a security review, a CrowdStrike Falcon Identity Threat Detection alert is triggered for a high-risk user attempting to access a sensitive application from an unusual geographic location. As a security analyst, you need to investigate the incident further using available pivots in the CrowdStrike console. Which of the following actions is the most appropriate first step for an identity-based investigation?
While monitoring your CrowdStrike dashboard, you notice an incident that initially appeared as "Suspicious File Download" but was later escalated to "Malware Execution." To determine why the type changed and understand the incident’s progression, which action should you take?
A company uses a scheduled task to run a proprietary script, DailyReportGenerator.ps1, which is repeatedly flagged by CrowdStrike as suspicious. The security team has verified that the task is safe and wants to prevent further detections while ensuring monitoring remains active for all other scheduled tasks. How should the team add an appropriate detection exclusion in CrowdStrike?
Your organization plans to implement CrowdStrike to streamline identity management and secure access to cloud-based applications. The goal is to integrate with an existing Identity-as-a-Service (IDaaS) provider that already manages user authentication and role-based access. Which connector type should you configure to achieve this integration effectively?