CrowdStrike Certified Falcon Responder (CCFR) — Question 18

You receive an email from a third-party vendor that one of their services is compromised, the vendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?

Answer options

• A. IP Addresses
• B. Remote or Network Logon Activity
• C. Remote Access Graph
• D. Hash Executions

Correct answer: A

Explanation

The correct answer is A, as the 'IP Addresses' section is specifically designed to track and analyze activities related to specific IPs. The other options focus on different types of data or activities that do not directly relate to monitoring the specific IP address in question.