# CCFR-201 — Question 427

**Type:** multiple_choice
**Topics:** topic_1

## Question

You receive an email from a third-party vendor that one of their services is compromised, the vendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?

## Correct Answer

_See scenario._

---
Source: https://hiexam.net/q/crowdstrike/CCFR-201/427  
Practice (tracked): https://hiexam.net/study/CCFR-201/practice