The correct answer is D. Here is the explanation taken from the official CrowdStrike documentation:
"On the Containment Policy page, you can allow IP addresses over which your hosts will always be allowed to communicate, even if a host is contained."
Option C is correct:
While defining allowed IP addresses over which your hosts will communicate when contained is important, it is typically part of a broader network configuration or security policy rather than the primary purpose of a containment policy.
A containment policy specifically focuses on the conditions or triggers that necessitate placing a machine into network containment, such as detecting a critical threat. This helps ensure that immediate action is taken to isolate the affected machine and prevent the spread of potential threats.
D is correct. The Containment Policy page has the title "Network traffic allowlist", and it only allows adding IPs or CIDR networks to exclude at the moment of the isolation of any host, because it is a global policy that does not allow making distinctions between machines.
Tested on Falcon. Containment policy is only used to allow communication to specific IPs or IP ranges when a host is contained.
upvoted 2 times
vsnt89 (2 months, 3 weeks ago)
AntiVirusAshok (3 months, 4 weeks ago)
AntiVirusAshok (3 months, 4 weeks ago)
CyberMacadamia (8 months ago)
AntiVirusAshok (3 months, 4 weeks ago)
diegofretesc (1 year, 2 months ago)
sbag0024 (1 year, 5 months ago)
MSKid (1 year, 6 months ago)
FerbOP (1 year, 7 months ago)
chaos_mob (1 year, 7 months ago)
Belrose (1 year, 8 months ago)
ShuliAbba (1 year, 10 months ago)
plantvast (1 year, 10 months ago)