You will be testing detections with pentest and security tooling on your host.
How can a workflow be created to automatically assign any detection related to your pentest to yourself in real time?
A. Create a workflow to disable detections for your host until testing is done
B. Create an Event trigger workflow that triggers on an EPP Detection with an action to assign the detection to yourself
C. Create an Event trigger workflow that triggers on an EPP Detection with conditions looking for the desired hostname. The Action will then assign the detection to yourself.
D. Create a scheduled workflow to run once a day that triggers on an EPP Detection with conditions looking for the desired hostname. The Action will then assign the detection to yourself.
Keyword here is pentest - because you only want to know about what's happening to hosts in the pentest specifically, you want to filter out the proper host names. Can eliminate D because this is an event, and A would do the opposite of help you.
In Falcon Fusion SOAR, that means:
Trigger: “EPP Detection” (Endpoint Prevention Platform detection)
Condition: Hostname = <your-pentest-host> (so only detections from that host fire the workflow)
Action: “Assign Detection” → your user ID
Putting it together:
Go to Falcon Fusion SOAR → Create Workflow
Select trigger Event → EPP Detection
Add a condition: Hostname equals <pentest-host>
Add an action: Assign Detection to <your-user>
This way, any new detection on your pentest machine is caught in real time and auto‐assigned to you.
upvoted 1 times