CrowdStrike Certified Falcon Administrator (CCFA) — Question 110

After Network Containing a host, your Incident Response team states they are unable to remotely connect to the host. Which of the following would need to be configured to allow remote connections from specified IP's?

Answer options

• A. Response Policy
• B. IP Allowlist Management
• C. Maintenance Token
• D. Containment Policy

Correct answer: D

Explanation

The correct answer is D, as a Containment Policy is essential for specifying which IP addresses are allowed access to a host during an incident. Options A, B, and C do not specifically address the need for allowing remote connections from certain IPs during this scenario.