CrowdStrike Certified Falcon Administrator (CCFA) — Question 210
Your organization has determined that your cybersecurity architect needs to be notified via email whenever Falcon generates detections of a medium severity or higher. Additionally, the architect should be notified about any incidents with a CrowdScore of 1.0 or higher.
What can the Falcon Administrator do to ensure the architect is properly alerted?
Answer options
- A. Create a new Falcon user for the architect, then create and assign a custom Falcon user role so they are automatically notified for the new detections and emails
- B. Add the architect's email address to the manage list for detection and incident emails from the General settings menu
- C. Create a new Falcon user for the architect and assign the Detections and Exceptions Manager role so they are automatically notified for the new detections and incidents
- D. Create a custom Fusion SOAR workflow to send an email every time a new detection or incident is created
Correct answer: B
Explanation
The correct answer is B because adding the architect's email address to the manage list ensures they receive notifications for the specified detections and incidents. Option A is incorrect as creating a new Falcon user doesn't guarantee email notifications without proper configuration. Option C, while it assigns a role, does not specifically address the email notification requirement. Option D suggests a more complex solution that may not be necessary when a simpler option is available.