The Default Account Activity Detected correlation search in Splunk Enterprise Security uses the "Privileged Accounts" lookup table to flag known default accounts. This table contains information about accounts with elevated privileges, including default accounts that could pose a security risk if used maliciously.
Should be A.
Reference: https://community.splunk.com/t5/Splunk-Enterprise-Security/Default-Account-Usage-Correlation-Search-All-user-as-default/m-p/333887
Also, you can run | inputlookup administrative_identities.csv to see the content.
The wording of this question is bad. Known default accounts could be assumed to be for Administrative or for VIPs. However, C is the likely answer for the question because, in the identities lookup, you can set the user to be flagged as a default account. A and D imply you are monitoring VIPs or elevated users, which the question is not asking.
jaemon22, 3 weeks, 5 days ago
Daniel9527, 5 months, 2 weeks ago
not_another_user_007, 1 month, 2 weeks ago