Splunk Enterprise Security Certified Admin — Question 65
Which lookup table does the Default Account Activity Detected correlation search use to flag known default accounts?
Answer options
- A. Administrative Identities
- B. Local User Intel
- C. Identities
- D. Privileged Accounts
Correct answer: C
Explanation
The correct answer is C, as the Default Account Activity Detected correlation search relies on the Identities lookup table to identify known default accounts. The other options, while related to user management, do not specifically contain the information required to flag default accounts.