CrowdStrike Certified Falcon Administrator (CCFA) — Question 18
Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?
Answer options
- A. .*badguydomain\.com.*
- B. \Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill
- C. badguydomain\.com.*
- D. Custom IOA rules cannot be created for domains
Correct answer: A
Explanation
Option A is correct because it uses a regex pattern that matches any process accessing the specified domain, which makes it effective for the task. Option B is incorrect because it specifies a path and command that do not match the requirement of targeting domain access. Option C is also not valid because it lacks the leading .* that Option A has, so it does not capture all variations of the domain access. Option D is false because Custom IOA rules can be created for domains.