CrowdStrike Certified Falcon Administrator (CCFA) — Question 136
After enabling an IOA rule and its respective rule group, what else must be done for an IOA to be fully functional?
Answer options
- A. Nothing else needs to be done; the rule should start working
- B. The rule group must be assigned to one or more prevention policies
- C. The rule needs to be manually triggered to ensure it works as intended
- D. You must individually select which hosts you would like to apply the rule to
Correct answer: B
Explanation
The correct answer is B because the rule takes effect only once its rule group is assigned to one or more prevention policies. Options A, C, and D are incorrect because none of them makes that assignment, which is critical for IOA functionality.