Splunk Exam SPLK-3001 Topic 1 Question 81 Discussion

Actual exam question for Splunk's SPLK-3001 exam

Question #: 81
Topic #: 1

[All SPLK-3001 Questions]

Which lookup table does the Default Account Activity Detected correlation search use to flag known default accounts?

AAdministrative Identities

BLocal User Intel

CIdentities

DPrivileged Accounts

Show Suggested Answer

Suggested Answer: C

by Felicidad at Feb 07, 2024, 05:40 AM

Limited Time Offer

25%

Off

Get Premium SPLK-3001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Jamika

6 months ago

I read in the documentation that the Identities lookup table contains information about all user identities, so it makes sense to use it for default account detection.

upvoted 0 times

...

Willie

6 months ago

Hmm, that's interesting. Why do you think it's Identities, Jamika?

upvoted 0 times

...

Ashley

6 months ago

I'm not sure, but I think it could also be Local User Intel.

upvoted 0 times

...

Jamika

7 months ago

I believe it actually uses the Identities lookup table to flag known default accounts.

upvoted 0 times

...

Willie

7 months ago

I think the Default Account Activity Detected correlation search uses the Administrative Identities lookup table.

upvoted 0 times

...

Dacia

7 months ago

I believe the correct answer is Privileged Accounts, as default accounts are often given privileged access.

upvoted 0 times

...

Felicitas

7 months ago

I'm leaning towards Local User Intel, as it could also be used to flag default accounts.

upvoted 0 times

...

Lewis

7 months ago

I agree with Elden, Administrative Identities makes sense for flagging known default accounts.

upvoted 0 times

...

Elden

7 months ago

I think the Default Account Activity Detected correlation search uses Administrative Identities.

upvoted 0 times

...