CrowdStrike CCCS-203b Exam - Topic 1 Question 5 Discussion

Actual exam question for CrowdStrike's CCCS-203b exam

Question #: 5
Topic #: 1

As a Falcon Administrator, you must add access for an analyst to review cloud control plane IOMs.

What least privilege role should you assign them?

ACloud Security Manager

BKubernetes and Containers Manager

CCloud Compliance Viewer

DCSPM Misconfiguration Viewer
To allow an analyst to review cloud control plane Indicators of Misconfiguration (IOMs) while maintaining least-privilege access, CrowdStrike recommends assigning the CSPM Misconfiguration Viewer role.
Cloud control plane IOMs focus on identifying insecure configurations across cloud providers, such as overly permissive IAM roles, disabled logging, public exposure of services, or noncompliant security settings. The CSPM Misconfiguration Viewer role grants read-only access to these findings, allowing analysts to investigate risks without making configuration changes.
Other roles provide broader access than required. Cloud Security Manager includes administrative and modification privileges, exceeding least-privilege requirements. Kubernetes and Containers Manager focuses on container and Kubernetes security, not cloud control plane configurations. Cloud Compliance Viewer is oriented toward compliance frameworks rather than detailed misconfiguration analysis.
By assigning the CSPM Misconfiguration Viewer role, organizations ensure analysts can perform their investigative duties safely and appropriately, aligning with CrowdStrike's role-based access control (RBAC) best practices.

Show Suggested Answer

Suggested Answer: D

by Viola at Jan 24, 2026, 04:17 PM

Limited Time Offer

25%

1 month ago

This looks like a pretty straightforward question. I think the CSPM Misconfiguration Viewer role is the way to go here.

upvoted 0 times

...