New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Splunk Exam SPLK-3001 Topic 1 Question 81 Discussion

Actual exam question for Splunk's SPLK-3001 exam
Question #: 81
Topic #: 1
[All SPLK-3001 Questions]

Which lookup table does the Default Account Activity Detected correlation search use to flag known default accounts?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Felicidad at Feb 07, 2024, 05:40 AM

Limited Time Offer

25%

Off

Get Premium SPLK-3001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Jamika
6 months ago
I read in the documentation that the Identities lookup table contains information about all user identities, so it makes sense to use it for default account detection.
upvoted 0 times
...
Willie
7 months ago
Hmm, that's interesting. Why do you think it's Identities, Jamika?
upvoted 0 times
...
Ashley
7 months ago
I'm not sure, but I think it could also be Local User Intel.
upvoted 0 times
...
Jamika
7 months ago
I believe it actually uses the Identities lookup table to flag known default accounts.
upvoted 0 times
...
Willie
7 months ago
I think the Default Account Activity Detected correlation search uses the Administrative Identities lookup table.
upvoted 0 times
...
Dacia
8 months ago
I believe the correct answer is Privileged Accounts, as default accounts are often given privileged access.
upvoted 0 times
...
Felicitas
8 months ago
I'm leaning towards Local User Intel, as it could also be used to flag default accounts.
upvoted 0 times
...
Lewis
8 months ago
I agree with Elden, Administrative Identities makes sense for flagging known default accounts.
upvoted 0 times
...
Elden
8 months ago
I think the Default Account Activity Detected correlation search uses Administrative Identities.
upvoted 0 times
...

Save Cancel