CCFA-200B Question #103: Real Exam Question with Answer & Explanation

The correct answer is D: To define allowed IP addresses over which your hosts will communicate when contained.

Question

What is the purpose of a containment policy?

Options

  • A. To define which Falcon analysts can contain endpoints
  • B. To define the duration of Network Containment
  • C. To define the trigger under which a machine is put in Network Containment (e.g. a critical
  • D. To define allowed IP addresses over which your hosts will communicate when contained

Explanation

The Containment Policy page is titled "Network traffic allowlist", and it only allows adding IPs or CIDR networks to exclude at the moment any host is isolated. It is a global policy, so it does not allow distinctions between machines.
