CCCS-203BPreview

Which Falcon Cloud Security feature evaluates EC2 instance security posture to identify instances that would benefit from a sensor providing real-time protection?

You need to be notified when administrator-level privileges are granted programmatically.
Which capability allows visibility into this behavior across multiple providers?

Which service is required to automate with 1-click deployment directly from the CrowdStrike Falcon console?

How does CrowdStrike identify risky use of credentials and permissions within your cloud accounts?

When registering in AWS, what option is recommended to increase your security posture?

What steps can be taken to troubleshoot issues related to cloud account registrations in the Falcon Cloud Security (FCS) platform?

You are troubleshooting an issue with an Azure account registered in Falcon Cloud Security. The registration appeared to be successful but certain CSPM operations, including asset inventories and IOM detection, are failing.
How can you securely test the hypothesis that these failed CSPM operations are related to your firewall configuration?

You need to register one AWS account as part of a deployment of Falcon Cloud Security. You decide to complete the registration process in the Falcon UI.
What will be utilized during this process if you choose the recommended method to register an individual AWS account?

What criteria can you use to create exclusions for cloud scans?

You want to give your developers time to fix new CVEs.
How can this be efficiently done in Falcon Cloud Security while maintaining security of the environment?

You are concerned about overprivileged containers within your cluster.
Which IOM rule for Kubernetes will alert on containers being deployed with excessive permissions?

Your team is reviewing your Kubernetes cluster to ensure compliance with the latest industry benchmarks.
Which is an example of a configuration setting that will be flagged as non-compliant?

What is needed to achieve visibility into the latest AWS IAM 1020 restricted use of AWS CloudShell with the latest CIS Foundations Benchmarks for AWS, Azure, and Google Cloud?

Which action should be taken to configure cloud security scan exclusion settings in CrowdStrike?

What are the three image properties that can be selected when editing a Cloud Group?

You want to build a custom policy in Microsoft Azure to ensure web application diagnostic logging is not disabled for your App Service.
How do you create a custom Indicator of Misconfiguration?

There are storage buckets in your cloud environment that are publicly accessible and exposing sensitive data to potential threats.
What action can you take to identify and remediate similar misconfigurations?

What activities are carried out during the cloud inventory phase of image assessment?

What can you use to specify which assets to check against IOMs and image assessment policies while leveraging Falcon Kubernetes Admission Controller?

You are investigating unassessed images using Falcon Cloud Security.
What widget displays current totals of assessed and unassessed images in the Registry connections section under Image assessment settings?

You want to customize the GKE Autopilot policy by updating the detection severity (Critical) and the detection type (CIS benchmark deviation) along with Vulnerability ExPRT.ai severities (Critical).
Which combination will trigger the prevention?

What checks are performed on the JSON files during the assessment phase?

What is a valid reason for adding your base images into Falcon Cloud Security?