Splunk Enterprise Security Certified Admin — Question 93

How is it possible to navigate to the list of currently-enabled ES correlation searches?

Answer options

• A. Configure -> Correlation Searches -> Select Status ג€Enabledג€
• B. Settings -> Searches, Reports, and Alerts -> Filter by Name of ג€Correlationג€
• C. Configure -> Content Management -> Select Type ג€Correlationג€ and Status ג€Enabledג€
• D. Settings -> Searches, Reports, and Alerts -> Select App of ג€SplunkEnterpriseSecuritySuiteג€ and filter by ג€-Ruleג€

Correct answer: C

Explanation

The correct answer is C because it directly leads to the Content Management section where you can filter for correlation searches by type and status. Options A and B do not provide a pathway to specifically filter by both type and status, while option D focuses on a specific app and does not address the correlation searches directly.