Splunk Enterprise Security Certified Admin — Question 6

What role should be assigned to a security team member who will be taking ownership of notable events in the incident review dashboard?

Answer options

• A. ess_user
• B. ess_admin
• C. ess_analyst
• D. ess_reviewer

Correct answer: C

Explanation

The correct answer, C. ess_analyst, is designated for individuals who analyze and take responsibility for incidents within the dashboard. Options A. ess_user and B. ess_admin do not provide the necessary permissions for incident ownership, while D. ess_reviewer is more suited for reviewing rather than managing incidents.