ExamGecko

Splunk SPLK-5001 Practice Test - Questions Answers, Page 2


List of questions

Question 11


Which of the following data sources can be used to discover unusual communication within an organization's network?

A. EDS
B. Net Flow
C. Email
D. IAM
Suggested answer: B
asked 23/09/2024
Dominique Dusabe

Question 12


When threat hunting for outliers in Splunk, which of the following SPL pipelines would filter for users with over a thousand occurrences?

A. | sort by user | where count > 1000
B. | stats count by user | where count > 1000 | sort - count
C. | top user
D. | stats count(user) | sort - count | where count > 1000
Suggested answer: B
asked 23/09/2024
Miguel Seron Blasco

Question 13


The United States Department of Defense (DoD) requires all government contractors to provide adequate security safeguards referenced in National Institute of Standards and Technology (NIST) 800-171. All DoD contractors must continually reassess, monitor, and track compliance to be able to do business with the US government.

Which feature of Splunk Enterprise Security provides an analyst context for the correlation search mapping to the specific NIST guidelines?


Question 14


An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?


Question 15


Which Enterprise Security framework provides a mechanism for running preconfigured actions within the Splunk platform or integrating with external applications?


Question 16


Which of the following Splunk Enterprise Security features allows industry frameworks such as CIS Critical Security Controls, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain to be mapped to Correlation Search results?


Question 17


Which of the following is the primary benefit of using the CIM in Splunk?


Question 18


Which of the following use cases is best suited to be a Splunk SOAR Playbook?


Question 19


Which of the following is not considered an Indicator of Compromise (IOC)?


Question 20


According to Splunk CIM documentation, which field in the Authentication Data Model represents the user who initiated a privilege escalation?

Total 66 questions