Splunk Enterprise Security Certified Admin — Question 51

Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?

Answer options

• A. Security domains.
• B. Threat intel.
• C. Assets.
• D. Domains.

Correct answer: B

Explanation

The correct answer is B, Threat intel, as it specifically includes data on known hostile IP addresses, which is crucial for security measures. The other options, such as Security domains, Assets, and Domains, do not focus on malicious intelligence and therefore do not serve this purpose.