
SPLK-5001: Splunk Certified Cybersecurity Defense Analyst

Exam questions: 66
Learners: 2.370
Last updated: February 2025
Language: English
Quizzes: 2
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.

Related questions

What is the following step-by-step description an example of?

1. The attacker devises a non-default beacon profile with Cobalt Strike and embeds this within a document.

2. The attacker creates a unique email with the malicious document based on extensive research about their target.

3. When the victim opens this document, a C2 channel is established to the attacker's temporary infrastructure on a compromised website.


Which search command allows an analyst to match whatever is inside the parentheses as a single term in the index, even if it contains characters that are usually recognized as minor breakers such as periods or underscores?

A. CASE()
B. LIKE()
C. FORMAT()
D. TERM()
Suggested answer: D
Asked 23/09/2024 by gareth warner

Which of the following is a best practice when creating performant searches within Splunk?

A. Utilize the transaction command to aggregate data for faster analysis.
B. Utilize Aggregating commands to ensure all data is available prior to Streaming commands.
C. Utilize specific fields to return only the data that is required.
D. Utilize multiple wildcards across fields to ensure returned data is complete and available.
Suggested answer: C
Asked 23/09/2024 by Djordje Novakovic

Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?

A. Threat Intelligence Framework
B. Risk Framework
C. Notable Event Framework
D. Asset and Identity Framework
Suggested answer: B
Asked 23/09/2024 by Vinayak H

Which of the following data sources can be used to discover unusual communication within an organization's network?

A. EDS
B. NetFlow
C. Email
D. IAM
Suggested answer: B
Asked 23/09/2024 by Dominique Dusabe

An analyst would like to visualize threat objects across their environment and chronological risk events for a Risk Object in Incident Review. Where would they find this?

A. Running the Risk Analysis Adaptive Response action within the Notable Event.
B. Via a workflow action for the Risk Investigation dashboard.
C. Via the Risk Analysis dashboard under the Security Intelligence tab in Enterprise Security.
D. Clicking the risk event count to open the Risk Event Timeline.
Suggested answer: D
Asked 23/09/2024 by Rannie Dayapan

An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?

A. index=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts
B. index=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts
C. index=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts
D. index=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts
Suggested answer: C
Asked 23/09/2024 by AshokBabu Kumili

What is the main difference between hypothesis-driven and data-driven Threat Hunting?


The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?


Which of the following is a correct Splunk search that will return results in the most performant way?
