CrowdStrike
CCFA-200B · Question #249
CCFA-200B Question #249: Real Exam Question with Answer & Explanation
Sign in or unlock CCFA-200B to reveal the answer and full explanation for question #249. The question stem and answer options stay visible for context.
Question
During a simulated training exercise with your security team, an analyst used Falcon to network contain a host. It was then discovered that containing this specific host interrupted some key business processes and resulted in lost revenue. As the Falcon Administrator, what can be done to prevent this interruption in the future?
Options
- ACollaborate with the firewall engineers so that in the future, network containment would only deny
- BConfigure your containment policy to allow the IP addresses for those key business processes so
- CAdd this Falcon host to your deny list so that it is never able to be network contained again
- DEducate the analyst so they can understand and memorize which hosts are safe to network
Unlock CCFA-200B to see the answer
You've previewed enough free CCFA-200B questions. Unlock CCFA-200B for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.