Splunk Observability Cloud Certified Metrics User — Question 42

The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?

Answer options

Correct answer: D

Explanation

The correct answer is D: the Endpoint data model is the one designed to carry fields describing file access controls, such as file_acl. The other options, Malware, Alerts, and Vulnerabilities, do not model file-level access controls; each covers a different aspect of security events.