CrowdStrike CCCS-203b Exam - Topic 6 Question 1 Discussion

Actual exam question for CrowdStrike's CCCS-203b exam

Question #: 1
Topic #: 6

What is needed to achieve visibility into the latest AWS IAM 1020 restricted use of AWS CloudShell with the latest CIS Foundations Benchmarks for AWS, Azure, and Google Cloud?

ALeverage existing IOA policy

BCreate custom IOA policy

CCreate custom IOM policy

DLeverage existing IOM policy
Visibility into AWS IAM controls, including restricted use of AWS CloudShell (CIS IAM 1.20), is provided through CrowdStrike Falcon Cloud Security posture management using Indicators of Misconfiguration (IOMs). These checks continuously evaluate cloud resources against industry-standard benchmarks, including the CIS Foundations Benchmarks for AWS, Azure, and Google Cloud.
CrowdStrike maintains prebuilt, managed IOM policies that are automatically updated to reflect the latest CIS guidance. Leveraging existing IOM policies ensures immediate coverage without the operational risk or overhead of creating and maintaining custom rules. These policies assess IAM configurations, permissions usage, service access controls, and policy enforcement related to CloudShell usage.
IOAs are designed for runtime behavioral detections and are not suitable for posture or configuration validation. Creating custom IOMs is unnecessary for CIS-aligned controls because CrowdStrike already provides validated, benchmark-mapped policies maintained by CrowdStrike security research.
Therefore, leveraging existing IOM policies is the correct and recommended approach to maintain continuous, benchmark-aligned visibility across multi-cloud environments.

Show Suggested Answer

Suggested Answer: D

by Mattie at Jan 23, 2026, 10:06 AM

Limited Time Offer

25%

1 month ago

I'm a bit confused by the terminology in this question. What are IOA and IOM policies exactly, and how do they relate to the CIS Foundations Benchmarks?

upvoted 0 times

...