
CrowdStrike Exam CCFA-200 Topic 10 Question 18 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam
Question #: 18
Topic #: 10

Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?

Suggested Answer: A

Contribute your Thoughts:

Erin
14 days ago
Option B is the way to go. I'm just imagining some poor hacker's process getting instantly vaporized. Poof!
upvoted 0 times
...
Pansy
15 days ago
I'm going with B. Seems like the best way to surgically target the bad domain without causing any collateral damage.
upvoted 0 times
...
Josephine
1 month ago
Haha, D is just plain wrong. Of course we can create custom IOA rules for domains, that's like the whole point!
upvoted 0 times
Lonna
2 days ago
A) .*badguydomain.com.*
upvoted 0 times
...
...
Bea
1 month ago
Option A seems a bit too broad. I'd be worried it might catch legitimate traffic as well. C is a bit too specific, no?
upvoted 0 times
...
Layla
2 months ago
I think option B is the correct answer. It looks like a comprehensive rule that can kill any process trying to access the bad domain.
upvoted 0 times
Nida
22 days ago
I think option A could also work, but option B seems more specific and targeted.
upvoted 0 times
...
Anastacia
1 month ago
I agree, option B seems like the most effective rule to block access to the bad domain.
upvoted 0 times
...
...
Barrie
2 months ago
Hmm, that makes sense too. Let's see what others think before we finalize our answer.
upvoted 0 times
...
Mona
2 months ago
I disagree, I believe the correct answer is A) .*badguydomain.com.* because it covers any process attempting to access the domain.
upvoted 0 times
...
Barrie
2 months ago
I think the answer is B) \Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill.
upvoted 0 times
...
