Splunk Enterprise Security Certified Admin — Question 76

Which columns in the Assets lookup are used to identify an asset in an event?

Answer options

• A. src, dvc, dest
• B. cidr, port, netbios, saml
• C. ip, mac, dns, nt_host
• D. host, hostname, url, address

Correct answer: C

Explanation

The correct answer is C, as the columns 'ip', 'mac', 'dns', and 'nt_host' are specifically designed to uniquely identify assets in network events. Options A, B, and D contain columns that do not serve this identification purpose effectively, as they pertain to different types of data or protocols.