Splunk Observability Cloud Certified Metrics User — Question 65

Which of the following is not considered an Indicator of Compromise (IOC)?

Answer options

• A. A specific domain that is utilized for phishing.
• B. A specific IP address used in a cyberattack.
• C. A specific file hash of a malicious executable.
• D. A specific password for a compromised account.

Correct answer: D

Explanation

A specific password for a compromised account is not classified as an IOC because it is not a technical artifact that can be used for detection or analysis of a breach. In contrast, the other options (domain, IP address, and file hash) are all concrete indicators that security analysts can use to identify and respond to threats.