Splunk Enterprise Security Certified Admin — Question 68
A security manager has been working with the executive team on long-range security goals. A primary goal for the team is to improve the management of user risk in the organization. Which of the following ES features can help identify users accessing inappropriate websites?
Answer options
- A. Make sure the Authentication data model contains up-to-date events and is properly accelerated.
- B. Configuring user and website watchlists so the User Activity dashboard will highlight unwanted user actions.
- C. Configuring the identities lookup with user details to enrich notable event information for forensic analysis.
- D. Use the Access Anomalies dashboard to identify unusual protocols being used to access corporate sites.
Correct answer: B
Explanation
The correct answer is B because configuring user and website watchlists specifically allows the User Activity dashboard to flag inappropriate actions by users. Option A focuses on the Authentication data model, which is not directly related to website access monitoring. Option C is about enriching event information for analysis, which does not directly help in identifying inappropriate website usage. Option D pertains to unusual protocols rather than identifying specific inappropriate website access.