CrowdStrike CCIS - CrowdStrike Certified Identity Specialist Exam
Total 89 questions
Question #1 (Topic: Exam A)
What does the following icon indicate about the user?
A. Never logged in
B. Stale
C. Not connected
D. Disabled
Answer: C
Question #2 (Topic: Exam A)

What is happening in the outlined section within this Fusion Workflow?
A. Conditional Loop
B. Sequential Loop
C. Parallel Action
D. Parallel Loop
Answer: B
Question #3 (Topic: Exam A)

Given the Falcon Fusion workflow in the figure above, which of the following correctly explains this workflow?
A. For Anomalous RPC detections of any kind, the source endpoint will be network contained
B. For Anomalous RPC detections of any kind, the source endpoint will be added to a watchlist and network contained
C. Any Identity Protection detections for Anomalous RPC (ZeroLogon) will result in the source endpoint being added to the watchlist and network contained
D. Any Identity Protection detections for Anomalous RPC (ZeroLogon) will result in the source user being added to the watchlist and restricted from future logons
Answer: C
Question #4 (Topic: Exam A)

Using the provided example detection, which of the following statements is TRUE in relation to Falcon detections and the MITRE ATT&CK Framework TTPs?
A. CrowdStrike is able to identify TTPs that don't map directly to the MITRE Framework
B. CrowdStrike is able to make updates to MITRE ATT&CK Framework TTPs with detection artifacts
C. All Falcon detections have at least one TTP from the MITRE ATT&CK Framework
D. CrowdStrike is able to combine TTPs from the MITRE ATT&CK Framework, the Cyber Kill Chain, as well as internal Falcon intelligence
Answer: A
Question #5 (Topic: Exam A)

The meanings of the icons shown are watched, inactive, privileged and _______________?
A. Unlocked
B. Programmatic Account
C. Compromised Password
D. Stale
Answer: C