CCFA-200B Question #3: Real Exam Question with Answer & Explanation
The correct answer is C. Predefined alert templates.
Question
Options
- A. Custom workflows
- B. Custom event based triggers
- C. Predefined alert templates
- D. User defined Splunk queries
Explanation
Scheduling a Custom Alert for your environment consists of three steps: choosing the template you'd like to configure, previewing the search results, then scheduling the alert. Use Custom Alerts to configure email alerts using predefined templates so you're notified about specific activity in your environment. When an alert runs and finds results, it sends an email to specified recipients instead of generating a new detection. Custom Alerts let you set up email alerts based on predefined templates that cover a wide range of topics including Real Time Response session initiation, host containment, OS security settings, and more that are not yet covered by notification workflows.