CrowdStrike Certified Falcon Administrator (CCFA) — Question 72

When a host is placed in Network Containment, which of the following is TRUE?

Answer options

• A. The host machine is unable to send or receive network traffic outside of the local network
• B. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and traffic allowed in the Firewall Policy
• C. The host machine is unable to send or receive any network traffic
• D. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and any resources allowlisted in the Containment Policy

Correct answer: D

Explanation

The correct answer is D because when a host is in Network Containment, it is restricted from sending or receiving traffic except to/from the Falcon Cloud and any resources that are specifically allowlisted in the Containment Policy. Option A is incorrect as it limits traffic to only the local network, while option B does not account for allowlisted resources in the Containment Policy. Option C is also incorrect as it suggests no traffic is allowed at all.