CrowdStrike Certified Falcon Administrator (CCFA) — Question 2

What is the purpose of a containment policy?

Answer options

• A. To define which Falcon analysts can contain endpoints
• B. To define the duration of Network Containment
• C. To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)
• D. To define allowed IP addresses over which your hosts will communicate when contained

Correct answer: D

Explanation

The correct answer is D because a containment policy specifically determines the IP addresses that hosts can use to communicate while they are in a contained state. Options A, B, and C, while related to containment, do not pertain to the definition of allowed IP addresses during containment.