Endpoint Security
Overwatch & Falcon Complete
Identity Protection
Cloud Security
NG SIEM & Exposure Management
100

What does "EDR" stand for?

Endpoint Detection and Response

100

According to the operating model, what are the 3 security postures for Falcon Complete?

1. Active

2. Measured

3. Cautious

100

What are the 3 types of Active Directory environments?

1. On-prem

2. Hybrid

3. Entra

100

In the new Cloud SKUs, CNAPP is a combination of runtime protection and ________?

Proactive Security

100

True or False: CrowdStrike Charges for 1st Party Falcon Data ingestion?

False

200

The Falcon Sensor is lightweight and uses around __% CPU

1-2% CPU

200

According to MITRE, what is our MTTD?

4min MTTD

200

What % of breaches involve compromised identities?

80%

200

If a customer tells you they are running K8s in AKS, what Cloud Service Provider are they using?

Microsoft Azure

200

True or False: In order to have Falcon Complete for NG-SIEM, Customers Will Need to Have at least 1GB of Paid Ingestion

True

300

What are the two primary response actions that are available through NGAV?

1. Network Containment

2. Real Time Response (RTR)

300

What is our mean time to remediate?

45min

300

What allows CrowdStrike to Identify Suspicious Activity Related to Identity?

Identity Baselining (S1 does not have this!)

300

What is the Main Technical Limitation for Scanning an Application with ASPM?

Programming Language

Supported Languages (Go, Python, Java, .NET, and NodeJS)

300

True or False: Customers Can Access Third-Party SOAR Actions for NG-SIEM with Free 10GB Ingest?

False

400

In the Falcon Console, this allows you to see details pertaining to the host

Investigate - Host Search

400

What was the average adversary breakout time last year?

48min

400

What database allows us to flag compromised passwords?

Have I Been Pwned

400

When Quoting Runtime Protection What are the Three Types of Licenses?

1. FCS – VMs

2. FCSC – K8s Nodes

3. FMC – Managed Containers (i.e. AWS Fargate, Google Cloud Run)

400

What are the Three As of Discover?

Assets, Accounts, Application

500

Known as the "Five Eyes", where is Overwatch located?

1. US

2. UK

3. Canada

4. Australia

5. New Zealand

500

What setting needs to be enabled to use all features of Identity Protection?

Authentication Traffic Inspection (Threat hunter, Identity detections, and enforcement)

500

What is CrowdStrike's Equivalent to Wiz’s “Toxic-Combinations”?

500

What Modules Does the FEM Bundle Include?

1. Spotlight

2. Discover

3. Surface