ExamTopics Logo
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFA All Questions

View all questions & answers for the CCFA exam
Go to Exam

Exam CCFA topic 1 question 194 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 194
Topic #: 1
[All CCFA Questions]

Your organization has determined that your cybersecurity architect needs to be notified via email whenever Falcon generates detections of a medium severity or higher. Additionally, the architect should be notified about any incidents with a CrowdScore of 1.0 or higher.

What can the Falcon Administrator do to ensure the architect is properly alerted?

  • A. Create a new Falcon user for the architect then create and assign a custom Falcon user role so they are automatically notified for the new detections and emails
  • B. Add the architect's email address to the manage list for detection and incident emails from the General settings menu
  • C. Create a new Falcon user for the architect and assign the Detections and Exceptions Manager role so they are automatically notified for the new detections and incidents
  • D. Create a custom Fusion SOAR workflow to send an email every time a new detection or incident is created
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by CiscoNoahexamtopic at June 6, 2025, 7:58 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CiscoNoahexamtopic
1 week, 4 days ago
Selected Answer: B
Detection and incident emails Manage which addresses get notified about detections and incidents. Consider using a distribution list if addresses change often. Emails are typically sent once per day for each detection at Medium severity or incident at 1.0 and above.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel