CrowdStrike CCCS-203b Exam - Topic 5 Question 4 Discussion

Actual exam question for CrowdStrike's CCCS-203b exam

Question #: 4
Topic #: 5

You are a cloud security analyst concerned about adversaries obtaining admin privileges in your cloud environments.

Which Cloud Identity Analyzer category should you look at first?

ADefense Evasion

BExecution

CPersistence

DPrivilege Escalation
If the primary concern is adversaries obtaining administrator or elevated privileges, the first Cloud Identity Analyzer category to review is Privilege Escalation. This category focuses on techniques and misconfigurations that allow attackers to gain higher-level permissions than initially granted.
Privilege escalation in cloud environments often involves overly permissive IAM roles, abuse of service principals, misconfigured trust relationships, or exploitation of identity federation mechanisms. CrowdStrike Cloud Identity Analyzer maps these behaviors to established attack frameworks and highlights identities that could be abused to gain admin-level access.
Other categories address different stages of the attack lifecycle. Execution focuses on running malicious actions, Persistence on maintaining access, and Defense Evasion on hiding activity. While all are important, privilege escalation represents the most direct path to full environment compromise.
Therefore, the correct starting point is Privilege Escalation.

Show Suggested Answer

Suggested Answer: D

by Martina at Jan 24, 2026, 02:42 PM

Limited Time Offer

25%

1 month ago

Hmm, this is a tricky one. I think the key is to focus on the primary concern of adversaries obtaining admin privileges. That seems to point to the Privilege Escalation category as the best place to start.

upvoted 0 times

...