Splunk Observability Cloud Certified Metrics User — Question 9

Enterprise Security has been configured to generate a Notable Event when a user has quickly authenticated from multiple locations between which travel would be impossible. This would be considered what kind of an anomaly?

Answer options

• A. Access Anomaly
• B. Endpoint Anomaly
• C. Identity Anomaly
• D. Threat Anomaly

Correct answer: C

Explanation

This scenario reflects an Identity Anomaly because it involves unusual authentication behavior that suggests a potential compromise of user identity. The other options do not accurately describe the nature of the anomaly, as Access, Endpoint, and Threat Anomalies pertain to different aspects of security that do not directly relate to user authentication from multiple locations.