CrowdStrike Certified Falcon Administrator (CCFA) — Question 23

While a host is Network contained, you need to allow the host to access internal network resources on specific IP addresses to perform patching and remediation. Which configuration would you choose?

Answer options

• A. Configure a Real Time Response policy allowlist with the specific IP addresses
• B. Configure a Containment Policy with the specific IP addresses
• C. Configure a Containment Policy with the entire internal IP CIDR block
• D. Configure the Host firewall to allowlist the specific IP addresses

Correct answer: B

Explanation

The correct choice is B because a Containment Policy specifically allows access to selected IP addresses while the host is contained. Options A and D focus on policies that do not directly manage containment access, and option C is too broad, allowing access to all internal IPs, which is not necessary for the task.