CrowdStrike Certified Falcon Administrator (CCFA) — Question 66

What are custom alerts based on?

Answer options

• A. Custom workflows
• B. Custom event based triggers
• C. Predefined alert templates
• D. User defined Splunk queries

Correct answer: C

Explanation

The correct answer is C, as custom alerts are typically built upon predefined alert templates that guide their parameters and conditions. Options A and B suggest workflows and triggers, which are related but not the basis for custom alerts, while D refers to queries that can be used for alerts, but again, they are not the foundational basis.