CrowdStrike Certified Falcon Administrator (CCFA) — Question 109

The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. What must you ensure is disabled for the sensor to communicate with the CrowdStrike Cloud?

Answer options

• A. Proxy information
• B. Deep packet inspection
• C. NMAP scanning
• D. TCP inspection

Correct answer: B

Explanation

The correct answer is B because deep packet inspection can interfere with the certificate pinning mechanism by inspecting and potentially altering the data packets, which can cause communication issues with the CrowdStrike Cloud. Options A, C, and D do not directly impact the certificate pinning process and therefore do not need to be disabled for successful communication.