Splunk Enterprise Security Certified Admin — Question 32
An administrator is asked to configure an `Nslookup` adaptive response action, so that it appears as a selectable option in the notable event's action menu when an analyst is working in the Incident Review dashboard.
What steps would the administrator take to configure this option?
Answer options
- A. Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup
- B. Configure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
- C. Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup
- D. Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
Correct answer: D
Explanation
The correct answer is D because it gives the full path to the `Recommended Actions` section, where adaptive response actions like `Nslookup` are configured for notable events. The other options are invalid for this configuration: A leaves out `Recommended Actions`, B leaves out `Content Management`, and C points to `Next Steps` instead of `Recommended Actions`.