Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFA-200 Topic 10 Question 18 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam
Question #: 18
Topic #: 10
[All CCFA-200 Questions]

Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Serina at Apr 01, 2023, 10:12 AM

Limited Time Offer

25%

Off

Get Premium CCFA-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Erin
3 months ago
Option B is the way to go. I'm just imagining some poor hacker's process getting instantly vaporized. Poof!
upvoted 0 times
...
Pansy
3 months ago
I'm going with B. Seems like the best way to surgically target the bad domain without causing any collateral damage.
upvoted 0 times
Paris
1 months ago
D) Custom IOA rules cannot be created for domains
upvoted 0 times
...
Deeanna
1 months ago
C) badguydomain\.com.*
upvoted 0 times
...
Taryn
1 months ago
B) \Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill
upvoted 0 times
...
Ressie
2 months ago
A) .*badguydomain.com.*
upvoted 0 times
...
...
Josephine
4 months ago
Haha, D is just plain wrong. Of course we can create custom IOA rules for domains, that's like the whole point!
upvoted 0 times
Krystal
1 months ago
I agree, D is definitely wrong. We can create custom IOA rules for domains.
upvoted 0 times
...
Margart
1 months ago
C) badguydomain\\.com.*
upvoted 0 times
...
Sina
1 months ago
B) \\Device\\HarddiskVolume2\\*.exe -SingleArgument www.badguydomain.com /kill
upvoted 0 times
...
Hollis
1 months ago
A) .*badguydomain.com.*
upvoted 0 times
...
Blythe
2 months ago
Let's go with C) badguydomain\\.com.*
upvoted 0 times
...
Howard
2 months ago
B) \\Device\\HarddiskVolume2\\*.exe -SingleArgument www.badguydomain.com /kill
upvoted 0 times
...
Glenn
2 months ago
I think B might be the correct option.
upvoted 0 times
...
Gregoria
2 months ago
A) .*badguydomain.com.*
upvoted 0 times
...
Herminia
2 months ago
Yeah, D is definitely not the right answer.
upvoted 0 times
...
Stefan
2 months ago
C) badguydomain\\.com.*
upvoted 0 times
...
Terrilyn
2 months ago
B) \\Device\\HarddiskVolume2\\*.exe -SingleArgument www.badguydomain.com /kill
upvoted 0 times
...
Lonna
2 months ago
A) .*badguydomain.com.*
upvoted 0 times
...
...
Bea
4 months ago
Option A seems a bit too broad. I'd be worried it might catch legitimate traffic as well. C is a bit too specific, no?
upvoted 0 times
...
Layla
4 months ago
I think option B is the correct answer. It looks like a comprehensive rule that can kill any process trying to access the bad domain.
upvoted 0 times
Nida
3 months ago
I think option A could also work, but option B seems more specific and targeted.
upvoted 0 times
...
Anastacia
3 months ago
I agree, option B seems like the most effective rule to block access to the bad domain.
upvoted 0 times
...
...
Barrie
4 months ago
Hmm, that makes sense too. Let's see what others think before we finalize our answer.
upvoted 0 times
...
Mona
4 months ago
I disagree, I believe the correct answer is A) .*badguydomain.com.* because it covers any process attempting to access the domain.
upvoted 0 times
...
Barrie
4 months ago
I think the answer is B) \Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill.
upvoted 0 times
...

Save Cancel