Free CrowdStrike CCCS-203b Actual Exam Questions - Question 11 Discussion

Question No. 11
A security analyst using CrowdStrike Falcon Cloud Workload Protection (CWP) notices unusual
outbound traffic from a Kubernetes pod to an unknown external IP. The analyst needs to determine
whether the traffic is malicious and identify the process responsible for the connection. Which
CrowdStrike Falcon feature should the analyst use to identify network connections at the process level?
Shoaib W.
2026-01-30

C imo. Falcon Sensor Network Visibility is the only option that specifically links network connections to individual processes, which is exactly what’s needed here. The other options are more about logs, identity, or sandboxing, not real-time process-level network monitoring. As others said, there might be version or config requirements for Kubernetes, but the feature itself is designed for this use case.

0
Ahmed O.
2026-01-22

Maybe C, since it tracks network activity linked to specific processes inside containers.

0
Rayan D.
2026-01-18

D imo, Falcon Sandbox mainly analyzes files and behavior in isolated environments, so it wouldn't directly show live network connections or processes in Kubernetes pods like option C does.

0
Mohammad M.
2026-01-15

The best choice seems to be C because Falcon Sensor Network Visibility is designed to provide detailed network connection data linked to specific processes, which fits the need here. C

0
Amit O.
2026-01-15

Does Falcon Sensor Network Visibility (C) show process-level network connections for Kubernetes pods specifically, or is additional setup needed to see those details in a cloud workload environment?

0