nerdexam
Splunk

SPLK-5001 · Question #47

SPLK-5001 Question #47: Real Exam Question with Answer & Explanation

The correct answer is C. src_user. See the full explanation below for the reasoning.

Question

According to Splunk CIM documentation, which field in the Authentication Data Model represents the user who initiated a privilege escalation?

Options

  • Ausername
  • Bsrc_user_id
  • Csrc_user
  • Ddest_user

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SPLK-5001 Practice