CrowdStrike Certified Falcon Responder (CCFR) — Question 35

What happens when a hash is set to Always Block through IOC Management?

Answer options

• A. Execution is prevented on all hosts by default
• B. Execution is prevented on selected host groups
• C. Execution is prevented and detection alerts are suppressed
• D. The hash is submitted for approval to be blocked from execution once confirmed by Falcon specialists

Correct answer: B

Explanation

The correct answer is B, as setting a hash to Always Block specifically targets selected host groups for blocking execution. Option A is incorrect because it implies a universal block on all hosts rather than specific groups. Option C is wrong because it mentions suppression of detection alerts, which is not part of the Always Block setting, while option D incorrectly suggests a submission process that does not apply in this context.