CrowdStrike Certified Falcon Administrator (CCFA) — Question 218
Which of the following includes all that can be configured to alert as a Custom IOC (Indicator of Compromise) in IOC Management?
Answer options
- A. Hash, Domain, Filename
- B. Hash
- C. Hash, Domain
- D. Hash, Domain, IP Address
Correct answer: D
Explanation
The correct answer is D, as it encompasses Hash, Domain, and IP Address, which are all valid configurations for a Custom IOC. Options A and C do not include the IP Address, which is necessary for a complete IOC configuration, while option B is too limited as it only includes Hash.