CrowdStrike Certified Falcon Administrator (CCFA) — Question 187
A host has been network contained with Falcon, and you have been asked to update the operating system with zero-day patches. You have tried using your patch update systems for this task, but the jobs fail.
Which configuration steps in the Falcon UI will allow these activities?
Answer options
- A. Create a Containment Policy that allow lists the specific IP addresses of your patch management tools
- B. Create a Containment Policy that allow lists the fully qualified name of your patch management tools
- C. Remove Host containment and update the host with all patches
- D. Create a Firewall Policy that allow lists your patch management tools
Correct answer: A
Explanation
The correct answer is A: creating a Containment Policy that allow lists the specific IP addresses of your patch management tools enables those tools to communicate with the host. Option B is incorrect because it relies on names rather than IP addresses, and option D is incorrect because it focuses on firewall settings, which do not directly address the containment issue. Option C is also not ideal, as removing containment could expose the host to risks.