CCCS-203B Question #57: Real Exam Question with Answer & Explanation
The correct answer is C. Falcon Sensor Network Visibility.
Question
Options
- A. Falcon LogScale
- B. Falcon Identity Protection
- C. Falcon Sensor Network Visibility
- D. Falcon Sandbox
Explanation
- Option A: Falcon LogScale provides log analytics and can collect network event logs, but it does not provide real-time visibility into active network connections at the process level. It is useful for post-incident investigations but not for immediate runtime detection.
- Option B: Identity Protection helps detect credential-based attacks and unauthorized access attempts but does not monitor network connections at the process level. It is designed for preventing identity-based threats rather than inspecting runtime network traffic.
- Option C: This feature enables deep visibility into network connections at the process level within cloud workloads, including Kubernetes containers. It allows the analyst to identify the specific containerized process making the outbound connection, investigate its behavior, and detect potential threats.
- Option D: Falcon Sandbox is used for analyzing suspicious files in an isolated environment to detect malware behavior. It does not monitor active network connections within Kubernetes