Practice Free CCCS-203b Exam Online Questions
Question #91
Which method is most effective for identifying Indicators of Attack (IOAs) in a cloud-native environment?
- A . Rely on cloud provider security tools like AWS GuardDuty or Azure Security Center
- B . Implement runtime monitoring via Kubernetes native tools such as kube-audit
- C . Deploy a CrowdStrike Falcon sensor on all endpoints
- D . Utilize CrowdStrike’s integration with cloud-native APIs for IOA detection
Correct Answer: D
Explanation:
Option A: Cloud provider tools offer baseline threat detection but lack the advanced IOA analysis capabilities of CrowdStrike. These tools are generally more focused on Indicators of Compromise (IOCs) rather than IOAs, which identify behaviors indicative of an attack.
Option B: Kubernetes auditing tools like kube-audit can provide some insights into cluster activity but are not specialized for detecting IOAs. These tools require significant customization to identify attack behaviors effectively.
Option C: While deploying Falcon sensors provides comprehensive runtime protection and IOA detection, this approach requires installing agents, which may not be feasible in all cloud-native environments. The question focuses on cloud-native environments, where agentless detection may be more relevant.
Option D: CrowdStrike integrates with cloud-native APIs to monitor runtime behavior, detect IOAs, and provide advanced threat protection without requiring agent installation. This approach is highly effective in cloud-native environments where workloads are dynamic and ephemeral.
