When creating an API key, which scope should be selected to retrieve Identity Protection detection and incident information?
To retrieve identity-based detections and incident-related data using the CrowdStrike APIs, the API key must include the correct permission scope. According to the CCIS curriculum, the Identity Protection Detections scope is required to access identity-based detection and incident information through GraphQL.
This scope allows API queries to retrieve:
- Identity-based detections
- Associated incident metadata
- Detection attributes such as severity, status, and related entities
Incident data in Falcon Identity Protection is derived from detections, making the Detections scope the authoritative permission set for this information. Without this scope, GraphQL queries related to identity detections and incidents will fail authorization.
The other scopes are either too narrow or unrelated to detection retrieval. Therefore, Option A is the correct and verified answer.
Karma
3 days ago