CrowdStrike Certified Falcon Administrator (CCFA) — Question 9

Which of the following applies to Custom Blocking Prevention Policy settings?

Answer options

• A. Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
• B. Blocklisting applies to hashes, IP addresses, and domains
• C. Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary
• D. You can only blocklist hashes via the API

Correct answer: A

Explanation

The correct answer is A, as it specifies that hashes need to be entered on the Prevention Hashes page before the policy can block them. Option B is incorrect because it refers to blocklisting elements that are not limited to hashes. Option C is not accurate as it discusses the execution process rather than the policy settings. Option D is wrong since hashes can be blocklisted through the Prevention Hashes page, not just via the API.