CrowdStrike Exam CCFA-200 Topic 10 Question 18 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam

Question #: 18
Topic #: 10

Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?

A.*badguydomain.com.*

B\Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill

Cbadguydomain\.com.*

DCustom IOA rules cannot be created for domains

Show Suggested Answer

Suggested Answer: A

by Serina at Apr 01, 2023, 10:12 AM

Limited Time Offer

25%

Off

Get Premium CCFA-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Erin

1 months ago

Option B is the way to go. I'm just imagining some poor hacker's process getting instantly vaporized. Poof!

upvoted 0 times

...

Pansy

1 months ago

I'm going with B. Seems like the best way to surgically target the bad domain without causing any collateral damage.

upvoted 0 times

...

Josephine

2 months ago

Haha, D is just plain wrong. Of course we can create custom IOA rules for domains, that's like the whole point!

upvoted 0 times

2 months ago

I think option B is the correct answer. It looks like a comprehensive rule that can kill any process trying to access the bad domain.

upvoted 0 times

Nida

1 months ago

I think option A could also work, but option B seems more specific and targeted.

upvoted 0 times

...

Anastacia

2 months ago

I agree, option B seems like the most effective rule to block access to the bad domain.

upvoted 0 times

...

Barrie

3 months ago

Hmm, that makes sense too. Let's see what others think before we finalize our answer.

upvoted 0 times

...

Mona

3 months ago

I disagree, I believe the correct answer is A) .*badguydomain.com.* because it covers any process attempting to access the domain.

upvoted 0 times

...

Barrie

3 months ago

I think the answer is B) \Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill.

upvoted 0 times

...