Splunk
SPLK-5002 Question #99: Real Exam Question with Answer & Explanation
Question
When creating a detection, how might an engineer ensure that all possible contextual fields about a given asset and identity are added to a risk event?
Options
- A. Use | lookup identities.csv to call all available identity information in the detection output.
- B. Include the standard CIM fields (e.g. user, src, src_user, etc.) in the detection output.
- C. Call an adaptive response action for Active Directory using | ldapsearch for a real-time update.
- D. Use | lookup assets.csv to call all available asset information in the detection output.