Splunk
SPLK-5001 · Question #28
SPLK-5001 Question #28: Real Exam Question with Answer & Explanation
The correct answer is D. Endpoint. See the full explanation below for the reasoning.
Question
The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?
Options
- A. Malware
- B. Alerts
- C. Vulnerabilities
- D. Endpoint