CrowdStrike
CCCS-203B Question #249: Real Exam Question with Answer & Explanation
Question
CrowdStrike Falcon Cloud Security has detected anomalous behavior on a virtual machine (VM) running in a cloud environment. The following events were flagged:

- An outbound connection to torproject.org
- Multiple failed login attempts using various usernames
- The execution of base64 and nc (netcat) commands
- A process named kworker running from /tmp

What is the most appropriate response to this detection?
Options
- A. Run an antivirus scan on the VM and delete any flagged files to remove potential malware.
- B. Immediately isolate the VM, capture memory and disk snapshots for forensic analysis, and
- C. Modify the VM's firewall rules to block outgoing traffic and wait for additional alerts before taking
- D. Ignore the alert, as the presence of kworker is normal in Linux environments and does not indicate