CrowdStrike Certified Falcon Administrator (CCFA) — Question 15
To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help achieve this objective?
Answer options
- A. Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead
- B. Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only
- C. Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block
- D. Using IOC management, import the list of hashes and IP addresses and set the action to No Action
Correct answer: A
Explanation
The correct answer is A because IOC management does not directly handle domain and IP blocking; it is focused on indicators of compromise rather than actions on network traffic. The other options suggest actions that IOC management can take, but they are incorrect in the context of blocking domains and IP addresses.