CrowdStrike Certified Falcon Administrator (CCFA) — Question 85
The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Which statement is TRUE concerning Falcon sensor certificate validation?
Answer options
- A. SSL inspection should be configured to occur on all Falcon traffic
- B. Some network configurations, such as deep packet inspection, interfere with certificate validation
- C. HTTPS interception should be enabled to proceed with certificate validation
- D. Common sources of interference with certificate pinning include protocol race conditions and resource contention
Correct answer: B
Explanation
The correct answer is B: deep packet inspection can modify the traffic and so interfere with the certificate validation that the Falcon sensor performs. Option A is incorrect because SSL inspection can hinder the sensor's ability to validate certificates. Option C is also wrong, since HTTPS interception does not support the Falcon sensor's certificate validation. Option D, while related, does not specifically address the interference caused by network configurations such as deep packet inspection.