Splunk Enterprise Security Certified Admin — Question 49

Which of the following ES features would a security analyst use while investigating a network anomaly notable?

Answer options

• A. Correlation editor.
• B. Key indicator search.
• C. Threat download dashboard.
• D. Protocol intelligence dashboard.

Correct answer: D

Explanation

The Protocol intelligence dashboard is crucial for a security analyst as it provides insights into network traffic patterns and anomalies. The other options, while useful in various contexts, do not specifically focus on analyzing network anomalies in the same way that the Protocol intelligence dashboard does.