Exam SPLK-5002 Topic 2 Question 16 Discussion

Actual exam question for Splunk's SPLK-5002 exam
Question #: 16
Topic #: 2
A compliance audit reveals gaps in the tracking of privileged account activities.
How can the team address this issue?

Suggested Answer: A

Privileged accounts pose a high security risk, and tracking their activity is critical for compliance (e.g., PCI DSS, NIST, ISO 27001, SOC 2).

1. Automate Report Generation for Privileged Accounts (A)
Ensures continuous monitoring of admin/root accounts.
Helps detect misuse or unauthorized access.
Example:
Splunk Enterprise Security (ES) can generate scheduled reports on:
Failed login attempts by privileged users.
Actions performed using admin credentials.

Incorrect Answers:
B: Use summary indexes to delete old data - Summary indexes improve performance but do not help track privileged accounts.
C: Focus only on low-priority account activity - Privileged accounts should always be high-priority.
D: Exclude privileged accounts from reporting - This would violate compliance requirements.

Additional Resources:
Splunk Security Monitoring for Privileged Accounts
NIST Access Control Guide

by Elsa at Apr 27, 2026, 09:23 PM
