Examice

Exam SPLK-1001 All QuestionsBrowse all questions from this exam

Question 204

A SOC manager is complaining that a scheduled alert for failed login attempts triggered 150 emails. They still want to be alerted of failed logins via email, but they want less volume of alerts. Which of the following would resolve this for the SOC manager?

Change the schedule so the alert runs more frequently.

Disable the alert entirely.

Change the trigger from "For each result" to "Once''.

Change the alert action from email to webhook.

Correct Answer: C

To reduce the volume of alert emails for failed login attempts, the trigger can be adjusted from 'For each result' to 'Once'. This change will ensure that instead of sending an email for each failed login attempt, the alert will only trigger a single email, consolidating the information into one alert rather than multiple.

Discussion

ncsupilotOption: C

C is correct. You change the alert frequency.

73c1843Option: C

100% Its "C"

b0d4564Option: C

fck u its C

mialuxOption: C

c is correct

nicksssOption: C

Running more frequently would not decrease the emails. C is the correct answer.

SlyLampOption: C

C is the correct answer