CCCS-203B Question #186: Real Exam Question with Answer & Explanation

Question

A security analyst is reviewing a CrowdStrike Falcon Cloud Security detection report. The report flags a container running in a Kubernetes cluster as exhibiting suspicious behavior. The following behaviors were detected:

  • Execution of curl commands to an external unknown IP
  • Multiple failed SSH connection attempts from within the container
  • A new user account was created within the container
  • A process spawned from /dev/shm

Based on these findings, what is the most likely conclusion, and what should the security team do next?

Options

  • A. The container is experiencing a misconfiguration issue with outbound networking. Restart the pod
  • B. The detection is a false positive caused by an automated update process. Mark the findings as
  • C. The container is likely compromised, and an attacker may be attempting lateral movement.
  • D. The issue is likely due to the use of a non-root container user. Modify the container to run as root
