ExamGecko
Login
Home / Splunk / SPLK-5001 / List of questions
Ask Question

Splunk SPLK-5001 Practice Test - Questions Answers

List of questions

Question 1

Report Export Collapse

When searching in Splunk, which of the following SPL commands can be used to run a subsearch across every field in a wildcard field list?

foreach
foreach
rex
rex
makeresults
makeresults
transaction
transaction
Suggested answer: A
asked 23/09/2024
Garvey Butler
44 questions

Question 2

Report Export Collapse

How are Notable Events configured in Splunk Enterprise Security?

During an investigation.
During an investigation.
As part of an audit.
As part of an audit.
Via an Adaptive Response Action in a regular search.
Via an Adaptive Response Action in a regular search.
Via an Adaptive Response Action in a correlation search.
Via an Adaptive Response Action in a correlation search.
Suggested answer: D
asked 23/09/2024
Kabi Bashala
36 questions

Question 3

Report Export Collapse

An analyst is investigating a network alert for suspected lateral movement from one Windows host to another Windows host. According to Splunk CIM documentation, the IP address of the host from which the attacker is moving would be in which field?

host
host
dest
dest
src_nt_host
src_nt_host
src_ip
src_ip
Suggested answer: D
asked 23/09/2024
Thanh Tran
34 questions

Question 4

Report Export Collapse

Which of the following is a best practice when creating performant searches within Splunk?

Utilize the transaction command to aggregate data for faster analysis.
Utilize the transaction command to aggregate data for faster analysis.
Utilize Aggregating commands to ensure all data is available prior to Streaming commands.
Utilize Aggregating commands to ensure all data is available prior to Streaming commands.
Utilize specific fields to return only the data that is required.
Utilize specific fields to return only the data that is required.
Utilize multiple wildcards across fields to ensure returned data is complete and available.
Utilize multiple wildcards across fields to ensure returned data is complete and available.
Suggested answer: C
asked 23/09/2024
Djordje Novakovic
36 questions

Question 5

Report Export Collapse

Which pre-packaged app delivers security content and detections on a regular, ongoing basis for Enterprise Security and SOAR?

SSE
SSE
ESCU
ESCU
Threat Hunting
Threat Hunting
InfoSec
InfoSec
Suggested answer: B
asked 23/09/2024
Inkisar Malik
36 questions

Question 6

Report Export Collapse

Which search command allows an analyst to match whatever is inside the parentheses as a single term in the index, even if it contains characters that are usually recognized as minor breakers such as periods or underscores?

CASE()
CASE()
LIKE()
LIKE()
FORMAT ()
FORMAT ()
TERM ()
TERM ()
Suggested answer: D
asked 23/09/2024
gareth warner
21 questions

Question 7

Report Export Collapse

Which field is automatically added to search results when assets are properly defined and enabled in Splunk Enterprise Security?

asset_category
asset_category
src_ip
src_ip
src_category
src_category
user
user
Suggested answer: C
asked 23/09/2024
Dang Xuan Bao
41 questions

Question 8

Report Export Collapse

An IDS signature is designed to detect and alert on logins to a certain server, but only if they occur from 6:00 PM - 6:00 AM. If no IDS alerts occur in this window, but the signature is known to be correct, this would be an example of what?

A True Negative.
A True Negative.
A True Positive.
A True Positive.
A False Negative.
A False Negative.
A False Positive.
A False Positive.
Suggested answer: A
asked 23/09/2024
Sullivan Dabireau
36 questions

Question 9

Report Export Collapse

Which of the following is not a component of the Splunk Security Content library (ESCU, SSE)?

Dashboards
Dashboards
Reports
Reports
Correlation searches
Correlation searches
Validated architectures
Validated architectures
Suggested answer: D
asked 23/09/2024
Ishan Rathnayaka
36 questions

Question 10

Report Export Collapse

The eval SPL expression supports many types of functions. Which of these function categories is not valid with eval?

JSON functions
JSON functions
Text functions
Text functions
Comparison and Conditional functions
Comparison and Conditional functions
Threat functions
Threat functions
Suggested answer: D
asked 23/09/2024
Andres Romo
44 questions
Total 66 questions
Go to page: of 7
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What is the following step-by-step description an example of? 1. The attacker devises a non-default beacon profile with Cobalt Strike and embeds this within a document. 2. The attacker creates a unique email with the malicious document based on extensive research about their target. 3. When the victim opens this document, a C2 channel is established to the attacker's temporary infrastructure on a compromised website.
Which search command allows an analyst to match whatever is inside the parentheses as a single term in the index, even if it contains characters that are usually recognized as minor breakers such as periods or underscores?
Which of the following is a best practice when creating performant searches within Splunk?
Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?
Which of the following data sources can be used to discover unusual communication within an organization's network?
An analyst would like to visualize threat objects across their environment and chronological risk events for a Risk Object in Incident Review. Where would they find this?
An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?
What is the main difference between hypothesis-driven and data-driven Threat Hunting?
The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?
Which of the following is a correct Splunk search that will return results in the most performant way?