CrowdStrike Certified Security Engineer (CCSE) — Question 10

Following the principle of least privilege, which is the appropriate role to grant a Falcon Next-Gen SIEM user the permissions to read case data and write XDR data while denying the permission to write case templates?

Answer options

• A. NG SIEM Security Lead
• B. NG SIEM Analyst – Read Only
• C. NG SIEM Analyst
• D. NGSIEM Administrator

Correct answer: C

Explanation

The correct answer is C, NG SIEM Analyst, as this role allows reading case data and writing XDR data without the ability to modify case templates. Option A grants broader permissions than necessary, B restricts the user to read-only access, and D provides administrative privileges that exceed the requirements.