CrowdStrike Certified Falcon Hunter (CCFH) — Question 14

With Custom Alerts you are able to configure email alerts using predefined templates so you're notified about specific activity in your environment. Which of the following outlines the steps required to properly create a custom alert rule?

Answer options

• A. Choose the template you would like to configure, setup how often you would like the alert to run, and then schedule the alert
• B. Choose the template you would like to configure, preview the search results, and then schedule the alert
• C. Create the query for the alert, setup the email template for the alert, and then set the schedule for the alert
• D. Create a new custom template, configure the email template, and then create the custom query for the alert

Correct answer: B

Explanation

The correct answer is B because it accurately describes the process of selecting a template, reviewing the search results, and scheduling the alert. Option A is incorrect as it mentions setting a frequency instead of previewing results, while C and D do not follow the proper sequence for creating a custom alert rule as specified in the question.