CCCS-203b Exam Dumps : CrowdStrike Certified Cloud Specialist

To secure an AWS Elastic Kubernetes Service (EKS) cluster running on Amazon Linux 2–based EC2 instanceswith container-level visibility, CrowdStrike Falcon documentation identifies theFalcon Container Sensor for Linuxas the correct solution. This sensor is part of Falcon Cloud Security and is purpose-built to protect Kubernetes and containerized workloads.

The Falcon Container Sensor for Linux is deployed as a container (commonly as a DaemonSet) on each Kubernetes worker node. It integrates with the underlying Linux kernel to observe container runtime activity while maintaining Kubernetes awareness. This allows CrowdStrike to deliver deep visibility into container processes, file system activity, network connections, and inter-container behavior—capabilities that are not available with host-only sensors.

TheFalcon Sensor for Linuxprotects the EC2 host operating system but does not provide container-aware telemetry or Kubernetes context. TheFalcon Kubernetes Admission Controlleris a pre-runtime control used to enforce image and deployment policies at admission time, not to provide runtime detection.Image Assessment at Runtimeis a feature for evaluating container images and is not a deployable sensor.

Because the requirement explicitly includesruntime protection and container-level visibility within EKS, the Falcon Container Sensor for Linux is the only option that fully satisfies these needs according to CrowdStrike Falcon Cloud Security architecture and documentation.

When registering an individual AWS account in CrowdStrike Falcon Cloud Security using the Falcon UI, therecommended and supported method is AWS CloudFormation. CrowdStrike provides a prebuilt CloudFormation template that automates the creation of required AWS resources, including IAM roles, permissions, and trust relationships needed for secure, read-only API access.

Using CloudFormation ensures the deployment isconsistent, auditable, and aligned with AWS best practices. It minimizes human error by automatically configuring the correct permissions required for Falcon to collect configuration, identity, and resource metadata from AWS. This method also simplifies lifecycle management—resources can be updated or removed cleanly by managing the CloudFormation stack.

Other options are not recommended for this use case.AWS Configis a native AWS compliance service but does not handle Falcon onboarding.Terraform scriptsmay be used in advanced or large-scale automation scenarios, but they are not the default or recommended approach for single-account registration in the Falcon UI.Bash scriptslack governance, validation, and repeatability.

Therefore, when registering a single AWS account through the Falcon console,AWS CloudFormationis the correct and CrowdStrike-recommended method.

In CrowdStrike Falcon Cloud Security, Cloud Groups are used to logically group container images so that policies, assessments, and controls can be applied consistently across workloads. When editing or defining a Cloud Group for container images, Falcon allows administrators to select specificimage propertiesto precisely target the desired scope.

The three supported image properties areRegistry, Repository, and Tag.

Registryidentifies where the container image is hosted, such as Amazon ECR, Azure Container Registry, or Docker Hub.

Repositorydefines the image namespace or project within the registry.

Tagspecifies the image version or variant (for example, latest, v1.2.3, or prod).

Using these three properties together enables highly granular targeting. For example, security teams can apply stricter policies only to production-tagged images from a specific registry and repository, while allowing more flexibility for development images.

Options that includeNameare incorrect because CrowdStrike does not use a standalone “image name” field when defining Cloud Group image criteria. Instead, image identity is derived from the combination of registry, repository, and tag.

Therefore, the correct and fully supported selection isRegistry, Repository, and Tag, which aligns with CrowdStrike Falcon Cloud Security configuration and documentation.