Splunk Enterprise Security Certified Admin — Question 63
How does ES know local customer domain names so it can detect internal vs. external emails?
Answer options
- A. Web and email domain names are set in General -> General Configuration.
- B. ES extracts local email and web domains automatically from SMTP and HTTP logs.
- C. ES uses the User Activity index and applies machine learning to determine internal and external domains.
- D. The Corporate Web and Email Domain Lookups are edited during initial configuration.
Correct answer: D
Explanation
The correct answer is D: the Corporate Web and Email Domain Lookups are configured specifically so that ES can recognize local domains. Options A and B are incorrect because they describe different methods of handling domain names. Option C is misleading: machine learning may be involved, but the initial recognition depends on the configuration done during setup.