CrowdStrike
CCCS-203B · Question #79
CCCS-203B Question #79: Real Exam Question with Answer & Explanation
Sign in or unlock CCCS-203B to reveal the answer and full explanation for question #79. The question stem and answer options stay visible for context.
Question
A security team at a multinational corporation detects suspicious activity on multiple cloud workloads protected by CrowdStrike Falcon Cloud Security. The team needs to properly report and escalate the incident for further investigation. What is the best course of action to take immediately?
Options
- AUse Falcon Real Time Response (RTR) to immediately delete all files suspected of being
- BShut down all affected cloud workloads immediately, even before conducting a forensic analysis.
- CDelete all security logs related to the incident to prevent attackers from covering their tracks.
- DGenerate a CrowdStrike Incident Report and escalate it through the organization's Security
Unlock CCCS-203B to see the answer
You've previewed enough free CCCS-203B questions. Unlock CCCS-203B for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.