CrowdStrike Certified Falcon Administrator (CCFA) — Question 178

You need to create a rule to block all process executions of Telegram in your environment.
Which custom IOA rule configuration would accomplish this?

Answer options

• A. Custom IOA rule configuration cannot block non-malicious binaries from executing
• B. Custom IOA rule set to Block Execution on an Image Filename of .*Telegram.*
• C. Custom IOA rule set to Monitor on an Image Filename of .*Telegram.*
• D. Custom IOA rule set to Detect on an Image Filename of .*Telegram.*

Correct answer: B

Explanation

Answer B is correct because it explicitly sets the rule to block execution based on the image filename containing 'Telegram', effectively preventing any such processes from running. The other options either do not block execution (A, C, D) or only monitor or detect without taking action.