When creating an API client, which scope with Write permissions must be enabled prior to using Identity Protection API?
AIdentity Protection Health
BIdentity Protection GraphQL
CThere is no need for Write permissions in order to use IDP API
DIdentity Protection Assessment
What is the minimum risk score for an entity to be considered "High Risk"?
A7
B7.5
C8
D8.5
How could a conditional access policy prevent a threat actor from using a privileged account?
AAutomatically reset privileged account passwords every 30 days
BPrevent users from logging in outside business hours
CRequire multi-factor authentication when a privileged account is used from an endpoint outside the user's baseline
DAudit RDP to identity unusual access by privileged users
Which section of the Falcon menu holds information about Domain Security Overview, Identity Based Detections, Detections Dashboard, Identity-Based Incidents, and Privileged Identities?
AExplore
BEnforce
CMonitor
DConfigure
What role does a human authorizer play in the context of CrowdStrike Falcon Identity Protection?
AThey enforce password complexity rules for programmatic accounts
BThey have the authority to approve or deny multi-factor authentication requests on behalf of programmatic accounts
CThey are responsible for generating encryption keys for programmatic accounts
DThey analyze traffic data and provide recommendations for access approval
Which of the following actions under the Investigate menu will pivot to Falcon Identity Protection from an Identity-based detection?
AInvestigate involved users
BInvestigate involved endpoints
CSearch for involved entities in Threat Hunter
DSearch for events in Threat Hunter
Remediating which severity level would have the most impact on a user's risk score?
AHigh
BMedium
CLow
DCritical
A detection is a warning about a(n) _______________ security event; an event that does not conform to the pattern of behavior for an entity.
Arisky
Bactive
Canomalous
Dexclusion
On the Risk Analysis dashboard, ________________ displays a four-quadrant graph that plots the risk score and impact for each department or OU.
AMembership by Impact
BOutliers
CRisk Matrix
DImpact by Severity
You have been tasked with protecting shares on the Human Resources file server with Multi-Factor Authentication. Which of the following policy conditions would you use to trigger a Policy Rule?
AUser type
BData source
CAccess type
DSource network type
Where in the Identity Protection Module can one view the monitoring status of domain controllers?
AConnectors
BSystem Notifications
CDomains
DSettings
The Enforce section of Identity Protection is used to:
AConfigure domains, appliances, subnets, connectors, risk configuration, and settings
BDefine policy rules that determine what actions to take in response to certain triggers observed in the environment
CView all Identity Based Detections and identity based incidents in the environment
DGain an overview of the domain and indicate whether the domain follows best security practice
To enable sending Multi-factor authentication (MFA) requests to an end user, the external MFA provider must be configured first. How long does it take to register the change?
A30 minutes
B10 minutes
C5 minutes
D40 minutes
In the _______________ view, user accounts will have some of the following data: Organizational Unit, Domain / Tenant, Title, Department.
ADating Profile
BUser Management
CBusiness Card
DName Plate
An administrator wants to remove a rule from an existing rule group. How would that be accomplished?
AOpen the three-dot menu and select "Remove from group"
BOpen the three-dot menu and select "Detach from group"
CSelect the checkbox next to the individual rule and click "Ungroup"
DClick and drag the rule out of the group
Falcon Identity Protection can continuously assess identity events and associate them with potential threats WITHOUT which of the following?
AIngesting logs
BAPI-based connectors
CThe need for string-based queries
DMachine-learning-powered detection rules
How does Falcon Identity Protection work to mitigate threats that bypass the traditional MITRE framework?
ARefreshes TTPs directly from the MITRE framework on a recurring basis
BCombines the MITRE ATT&CK framework with the Cyber Kill Chain
CComplementing the MITRE framework with Falcon-specific detection methods
DComplementing the MITRE framework with other threat intelligence platforms
Which of the following would cause an identity based incident type to change?
AA user changed the incident type in the console
BAn exclusion added to the incident
CA user linked detections to the incident in the console
DDetections related to the incident
In CrowdStrike Falcon Identity Protection, what can be done when abnormal or risky user behavior is detected?
AThe incident can be escalated to the security team for further investigation
BThe Falcon user can be automatically granted additional access privileges
CAn Identity Protection message can be sent to the user and incident logs generated
DA Policy Rule can be applied to challenge the user for a second factor
