Splunk Enterprise Security Certified Admin — Question 48

Which of the following is part of tuning correlation searches for a new ES installation?

Answer options

• A. Configuring correlation permissions.
• B. Configuring correlation adaptive responses.
• C. Configuring correlation notable event index.
• D. Configuring correlation result storage.

Correct answer: B

Explanation

The correct answer is B, as configuring correlation adaptive responses is essential for tuning searches to ensure they react appropriately to detected events. The other options, while important for overall configuration, do not directly relate to optimizing the response mechanisms of correlation searches.