Which is the best way to accomplish this?

CCFA-200 V4 0 Comments

You have been provided with a list of 100 hashes that are not malicious but your company has deemed to be inappropriate for work computers. They have asked you to ensure that they are not allowed to run in your environment. You have chosen to use Falcon to do this.

Which is the best way to accomplish this?
A . Using the Support Portal, create a support ticket and include the list of binary hashes, asking support to create an "Execution Prevention" rule to prevent these processes from running
B . Using Custom Alerts in the Investigate App, create a new alert using the template"Process Execution" and within that rule, select the option to "Block Execution"
C . Using IOC Management, gather the list of SHA256 or MD5 hashes for each binary and then upload them. Set all hashes to "Block" and ensure that the prevention policy these computers are using includes the option for "Custom Blocking" under Execution Blocking.
D . Using the API, gather the list of SHA256 or MD5 hashes for each binary and then upload them, setting them all to "Never Allow"

Answer: C

Latest CCFA-200 Dumps Valid Version with 96 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CCFA-200 PDF     CCFA-200 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments