CrowdStrike Certified Cloud Specialist - CCCS-203b Exam Practice Test

A. Define a baseline of security controls aligned with existing regulatory standards.

B. Use default CrowdStrike compliance templates without modifications.

C. Limit the framework to addressing only one regulatory standard at a time.

D. Enable monitoring for endpoints but exclude periodic reporting.

A. Runtime Inventory of Running Containers

B. Integration with CI/CD for Build-Time Analysis

C. Manual Configuration of Image Repositories

D. Image Scanning in Development Pipelines

A. Activate the Immediate Alert Policy in Falcon Central.

B. Set up recurring reports in the Falcon Dashboard.

C. Integrate Falcon Fusion with CrowdStrike Threat Graph for alerts.

D. Configure automated actions in Workflow Builder to trigger notifications.

A. Delete all objects in the unencrypted S3 bucket.

B. Generate a compliance report for the unencrypted bucket.

C. Trigger an email notification to the security team.

D. Set the S3 bucket policy to enforce encryption.

A. By enforcing MFA on cloud users

B. By scanning deployed pods

C. By identifying and fixing insecure configurations in code before deployment

D. By deploying agentless runtime protection

A. Whether billing is enabled on the Azure account

B. If the Azure AD Connect is syncing correctly

C. If proper reader and contributor roles are assigned to CrowdStrike's app registration

D. Whether the endpoint has Kubernetes RBAC enabled

A. Set the action to "Monitor Only" to track usage of the misconfigured roles.

B. Add a condition to the rule requiring all IAM roles to use least-privilege policies.

C. Enable auto-remediation to delete all misconfigured IAM roles immediately.

D. Set the action to "Alert" and notify the security operations team.

A. Identity & Cloud group

B. Event search & Asset graph

C. CloudTrail logging & Application Registration

A. Use the Falcon console to generate a report from the Image Assessment dashboard.

B. Configure the runtime protection policy to block all unassessed images from running.

C. Enable auto-deletion of unassessed images directly from the Falcon console.

D. Deploy a custom script to parse container logs for unassessed image information.

A. The sensor's configuration includes improper resource limits and requests.

B. The sensor is overloading the Kubernetes API server with frequent requests.

C. The sensor is blocking all traffic to external endpoints by default.

D. The Kubernetes nodes are running an unsupported operating system.

A. The cloud environment uses Multi-Factor Authentication (MFA) for privileged accounts.

B. The security group associated with the instance has inbound SSH access restricted to a specific IP range.

C. An IAM policy grants Administrator Access privileges to an EC2 instance profile.

D. The Falcon sensor is installed in detection mode rather than prevention mode.

A. Integrate pushing images for assessment into your CI/CD pipeline to detect vulnerabilities during the build process

B. Manually inspect each container image in the repository for vulnerabilities before deployment

C. Wait until the images are running in production and rely on host-based security tools to monitor threats

D. Perform runtime analysis of the containers after they are deployed into production

A. An account with "read-only" permissions to production resources but no login activity in 90 days.

B. An account with "limited" access to staging resources used for development purposes.

C. An account with "write" access to storage buckets and "admin" access to IAM policies but only performs read operations.

D. An account with permissions scoped to the "least privilege" principle and limited to specific resources.