CrowdStrike
CCFA-200B · Question #179
CCFA-200B Question #179: Real Exam Question with Answer & Explanation
Sign in or unlock CCFA-200B to reveal the answer and full explanation for question #179. The question stem and answer options stay visible for context.
Question
Your development team is working on a new enterprise application, but Falcon starts creating alerts during testing. The alert points to, "C:\Users\Bob\DevCode\felix.dll". In the detection, you see that it's triggering only on a specific Falcon IOA. What would be the best course of action for this situation?
Options
- ACreate a sensor visibility exclusion for "C:\Users\Bob\DevCode\felix.dll"
- BCreate an IOA exclusion for "C:\Users\Bob\DevCode\felix.dll"
- CCreate a Custom IOC and set it to "Allow" for "C:\Users\Bob\DevCode\felix.dll"
- DManually turn off the built-in IOA through prevention policies
Unlock CCFA-200B to see the answer
You've previewed enough free CCFA-200B questions. Unlock CCFA-200B for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.