CrowdStrike Certified Falcon Administrator (CCFA) — Question 67

What impact does disabling detections on a host have on an API?

Answer options

• A. Endpoints with detections disabled will not alert on anything until detections are enabled again
• B. Endpoints cannot have their detections disabled individually
• C. DetectionSummaryEvent stops sending to the Streaming API for that host
• D. Endpoints with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed

Correct answer: C

Explanation

The correct answer is C because when detections are disabled, the system stops sending DetectionSummaryEvent to the Streaming API for that specific host. Option A is incorrect since it refers to alerts, not the API communication. Option B is misleading as it implies a limitation that does not exist, and option D incorrectly states a time limit, which is not relevant to the API's operation.