Free CrowdStrike CrowdStrike-IDP Exam Questions

Become CrowdStrike Certified with updated CrowdStrike-IDP exam questions and correct answers

Page: 1 / 48

Total 240 Questions | Updated On: Mar 26, 2025

Add To Cart

Question 1

Your organization plans to implement CrowdStrike to streamline identity management and secure access to cloud-based applications. The goal is to integrate with an existing Identity-as-a-Service (IDaaS) provider that already manages user authentication and role-based access. Which connector type should you configure to achieve this integration effectively?

A : Configure an MFA connector to enforce authentication policies through the IDaaS provider.

B : Disable connectors entirely and configure CrowdStrike policies directly.

C : Use the MFA connector and create manual rules for IDaaS integration.

D : Configure an IDaaS connector to integrate the existing identity provider with CrowdStrike.

Answer: D

Question 2

During a security review, a CrowdStrike Falcon Identity Threat Detection alert is triggered for a high-risk user attempting to access a sensitive application from an unusual geographic location. As a security analyst, you need to investigate the incident further using available pivots in the CrowdStrike console. Which of the following actions is the most appropriate first step for an identity-based investigation?

A : Export all user activity logs to an external SIEM for additional analysis.

B : Initiate an account lockout to prevent further access attempts.

C : Review the user's historical behavior to identify baseline deviations.

D : Analyze global login trends for all users to identify systemic issues.

Answer: C

Question 3

What is the primary role of Falcon Identity Protection's domain controller integration in inspecting traffic for identity protection?

A : To passively monitor authentication traffic without disrupting domain operations.

B : To block all unauthenticated traffic before it reaches the domain controller.

C : To replace traditional domain controller authentication mechanisms with Falcon's proprietary protocols.

D : To decrypt all SSL/TLS traffic in the domain for inspection.

Answer: A

Question 4

The Risk Analysis dashboard shows that a domain in the organization has a high number of risks categorized as “Critical.” The security team needs to decide on the next steps to mitigate these risks effectively. They ask for advice on how to interpret the data and act accordingly. How should the security team prioritize their actions using the Risk Analysis dashboard?

A : Address all "Critical" risks first, as these represent the highest priority vulnerabilities or threats.

B : Investigate only risks flagged within the last 24 hours to address recent threats.

C : Focus on "Low" risks to resolve the maximum number of issues quickly and improve the overall risk score.

D : Prioritize risks related to misconfigurations, as they are easier to remediate compared to vulnerabilities.

Answer: A

Question 5

According to the NIST SP 800-207 framework, which of the following is a key capability that a Zero Trust Architecture should provide?

A : Granting access to resources based on network location.

B : Allowing full access to the network for authorized users.

C : Continuous monitoring and visibility of all network traffic and user activity.

D : Trusting known devices indefinitely without reevaluation.

Answer: C

Page: 1 / 48

Total 240 Questions | Updated On: Mar 26, 2025

Add To Cart