Free CrowdStrike CrowdStrike-IDP Practice Exam Questions and Answers 2026

Start Learning with the Newest and 100% Free CrowdStrike-IDP Exam Dumps Questions

Page: 1 / 72

Total 358 Questions | Updated On: Apr 02, 2026

Add To Cart

Question 1

You need to use the Falcon Fusion GraphQL API to retrieve login events for a specific user, identified by their email address, and only include events where the status is "success." How should you structure this query?

A : Use the getLoginEvents query with a user_email filter and a status filter set to "success".

B : Use the getLoginDetails query with a username filter and a filter for "successful" logins.

C : Use the getUserLoginActivity mutation with a user_id and status set to "success".

D : Use the queryLoginEvents mutation with a user_email field and a status of "successful".

Answer: A

Question 2

A company is setting up an Identity-as-a-Service (IDaaS) platform to centralize identity management and streamline Single Sign-On (SSO) for its employees. During configuration, the IT administrator must ensure that applications integrated with the IDaaS platform enforce role-based access control (RBAC). Which configuration step is essential to achieve this?

A : Enable adaptive authentication for all users.

B : Synchronize user attributes and roles from the organization-s directory service.

C : Require mandatory approval workflows for every new account creation.

D : Configure application-specific access rules directly in each application.

Answer: B

Question 3

A security analyst is investigating a suspected identity-based attack within CrowdStrike Falcon Identity Protection. The analyst wants to identify lateral movement attempts and privilege escalation actions performed by a potentially compromised user account. Which of the following investigative pivots is the most effective first step in tracking the attacker's activities?

A : Reviewing the Kerberos Ticket Granting Service (TGS) requests associated with the user account

B : Analyzing endpoint process executions associated with the user account on different hosts

C : Examining identity-related detections such as suspicious login attempts and anomalous privilege usage

D : Checking the last password reset time for the user account

Answer: C

Question 4

A company deploys Falcon Identity Protection to monitor and safeguard Active Directory environments. Which of the following features can a Falcon Identity Protection Viewer access?

A : Modify detection policies

B : Perform live response actions on identity threats

C : View detailed identity-based detection events

D : Configure Identity Threat Detection and Response (ITDR) settings

Answer: C

Question 5

Your organization uses multiple CrowdStrike instances for different departments, and you need to ensure consistent configuration across all environments. Which feature should you use to synchronize policy and configuration settings between instances?

A : Global API Token

B : Policy Export/Import

C : Connector Templates

D : Threat Intelligence Subscription

Answer: B

Page: 1 / 72

Total 358 Questions | Updated On: Apr 02, 2026

Add To Cart