CrowdStrike Certified Falcon Administrator (CCFA) — Question 203
To improve the organization's security posture, you are designing a Fusion SOAR workflow to generate an alert when critical vulnerabilities are detected by Falcon.
When creating a new workflow from scratch, what component of the workflow must be configured first?
Answer options
- A. Action
- B. Workflow Name
- C. Trigger
- D. Condition
Correct answer: C
Explanation
The correct answer is C, as the Trigger is essential for initiating the workflow based on specific events. Without defining the Trigger first, the workflow cannot respond to the detection of critical vulnerabilities. The Action, Workflow Name, and Condition are important but must follow the establishment of the Trigger.