Splunk Enterprise Security Certified Admin — Question 34

How is notable event urgency calculated?

Answer options

• A. Asset priority and threat weight.
• B. Alert severity found by the correlation search.
• C. Asset or identity risk and severity found by the correlation search.
• D. Severity set by the correlation search and priority assigned to the associated asset or identity.

Correct answer: D

Explanation

The correct answer is D because event urgency is determined by the severity identified in the correlation search combined with the priority given to the related asset or identity. Options A, B, and C do not encompass both aspects of urgency calculation, as they either focus on individual components or lack the necessary combination of severity and priority.