CrowdStrike Certified Falcon Administrator (CCFA) — Question 202
Which log would you use to investigate unusual activity involving a script that interfaces with the Falcon platform?
Answer options
- A. Prevention policy debug
- B. RTR session audit
- C. API audit
- D. Falcon UI audit
Correct answer: C
Explanation
The API audit log is specifically designed to track interactions with the Falcon platform made through API calls. A script interfaces with the platform through the API, so this log is the best choice for investigating unusual script activity. The other options, such as the Prevention policy debug and RTR session audit, focus on different aspects of security events and are not tailored to script-related API interactions.