Splunk Observability Cloud Certified Metrics User — Question 43
A threat hunter generates a report containing the list of users who have logged in to a particular database during the last 6 months, along with the number of times each has authenticated. They sort this list and remove any user names that have logged in more than 6 times. The remaining names represent the users who rarely log in, whose activity is more suspicious. The hunter examines each of these rare logins in detail.
This is an example of what type of threat-hunting technique?
Answer options
- A. Least Frequency of Occurrence Analysis
- B. Co-Occurrence Analysis
- C. Time Series Analysis
- D. Outlier Frequency Analysis
Correct answer: A
Explanation
The correct answer is A, as this approach specifically targets the infrequency of user logins to identify potentially suspicious behavior. The other options, such as Co-Occurrence Analysis and Time Series Analysis, do not focus on the rarity of occurrences; they instead look at which events appear together or at how activity trends over time.