Learn how to effectively use IOA exclusions in CrowdStrike Falcon to prevent false positives and optimize threat detection for your applications.
Question
Your development team is working on a new enterprise application, but Falcon starts creating alerts during testing. The alert points to, “C:\Users\Bob\DevCode\felix.dll”. In the detection, you see that it’s triggering only on a specific Falcon IOA. What would be the best course of action for this situation?
A. Create a sensor visibility exclusion for “C:\Users\Bob\DevCode\felix.dll”
B. Create an IOA exclusion for “C:\Users\Bob\DevCode\felix.dll”
C. Create a Custom IOC and set it to “Allow” for “C:\Users\Bob\DevCode\felix.dll”
D. Manually turn off the built-in IOA through prevention policies
Answer
B. Create an IOA exclusion for “C:\Users\Bob\DevCode\felix.dll”
Explanation
An IOA exclusion suppresses only the specific IOA that is firing on “C:\Users\Bob\DevCode\felix.dll”, so the application can run during testing while the IOA itself stays active for everything else on the host. A sensor visibility exclusion (A) would stop the sensor from monitoring that path entirely, and turning off the built-in IOA through prevention policies (D) would remove that protection for every host the policy covers; both are broader than the problem requires.
CrowdStrike CCFA certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free and helpful for passing the CrowdStrike CCFA exam and earning the CrowdStrike CCFA certification.