Option A: Falcon LogScale provides log analytics and can collect network event logs, but it does not

provide real-time visibility into active network connections at the process level. It is useful for post-

incident investigations but not for immediate runtime detection.

Option B: Identity Protection helps detect credential-based attacks and unauthorized access attempts but

does not monitor network connections at the process level. It is designed for preventing identity-based

56/192

threats rather than inspecting runtime network traffic.

Option C: This feature enables deep visibility into network connections at the process level within cloud

workloads, including Kubernetes containers. It allows the analyst to identify the specific containerized

process making the outbound connection, investigate its behavior, and detect potential threats.

Option D: Falcon Sandbox is used for analyzing suspicious files in an isolated environment to detect

malware behavior. It does not monitor active network connections within Kubernetes workloads.