IDP Exam Dumps : CrowdStrike Certified Identity Specialist(CCIS) Exam

GraphQL is the underlying query technology used by multiple CrowdStrike platforms, including Falcon Identity Protection. According to the CCIS curriculum,GraphQL examples are documented under the broader “CrowdStrike APIs” documentation category, not limited to a single product.

The CrowdStrike APIs section includes:

Authentication and API key usage

GraphQL schema references

Example GraphQL queries and mutations

Pagination, filtering, and response handling

While Identity Protection uses GraphQL for identity-specific queries, the examples themselves are centralized underCrowdStrike APIsto provide consistency across Falcon modules. Product-specific use cases are then layered on top of these core examples.

The other options are incorrect:

Threat Intelligence focuses on adversary data.

XDR covers detection and correlation concepts.

Identity Protection APIs describe endpoints and permissions, not general GraphQL usage examples.

Therefore,Option Ais the correct and verified answer.

To integrate Falcon Identity Protection withAzure AD (Entra ID)as an Identity-as-a-Service (IDaaS) provider, specific application-level credentials are required. According to the CCIS curriculum, the connector configuration requiresTenant Domain,Application (Client) ID, andApplication Secret.

These values are generated when registering an application in Azure AD and are used to authenticate Falcon Identity Protection securely via OAuth-based API access. This method ensures least-privilege access and allows the connector to ingest cloud authentication activity and apply SSO-related policy enforcement.

Other options list incomplete or incorrect credential combinations. Therefore,Option Dis the correct and verified answer.

Authentication Traffic Inspection (ATI) is a foundational capability of Falcon Identity Protection that enables the platform to analyze authentication traffic from domain controllers. According to the CCIS documentation, ATI is enabled throughIdentity configuration policies.

Identity configuration policies define how the Falcon sensor captures and inspects authentication-related traffic, including Kerberos, NTLM, LDAP, and other identity protocols. Enabling ATI at this level ensures that domain controllers provide the necessary telemetry for identity risk analysis, detections, and behavioral profiling.

The other options are incorrect because:

Identity management settings focus on identity governance and administration.

Identity detection configuration controls detection logic, not traffic inspection.

Identity protection settings manage high-level configuration but do not directly enable ATI.

Because ATI must be explicitly enabled viaIdentity configuration policies,Option Ais the correct and verified answer.