ExamGecko
Splunk SPLK-5001 Practice Test - Questions Answers, Page 2

Question 11

Which of the following data sources can be used to discover unusual communication within an organization's network?

A. EDS
B. NetFlow
C. Email
D. IAM

Suggested answer: B
asked 23/09/2024
Dominique Dusabe

Question 12

When threat hunting for outliers in Splunk, which of the following SPL pipelines would filter for users with over a thousand occurrences?

A. | sort by user | where count > 1000
B. | stats count by user | where count > 1000 | sort - count
C. | top user
D. | stats count(user) | sort - count | where count > 1000

Suggested answer: B
asked 23/09/2024
Miguel Seron Blasco

Question 13

The United States Department of Defense (DoD) requires all government contractors to provide adequate security safeguards referenced in National Institute of Standards and Technology (NIST) 800-171. All DoD contractors must continually reassess, monitor, and track compliance to be able to do business with the US government.

Which feature of Splunk Enterprise Security provides an analyst context for the correlation search mapping to the specific NIST guidelines?

A. Comments
B. Moles
C. Annotations
D. Framework mapping

Suggested answer: C
Splunk Enterprise Security maps correlation searches to security frameworks through annotations, and NIST is one of the default annotation frameworks alongside CIS 20, Kill Chain and MITRE ATT&CK (compare Question 16 on this page). Option D describes what annotations do rather than naming an ES feature.
asked 23/09/2024
Ihab ALkasrawi

Question 14

An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?

A. index=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts
B. index=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts
C. index=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts
D. index=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts

Suggested answer: C
asked 23/09/2024
AshokBabu Kumili
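The difference between options B and D in Question 12, and the temporary table built by `stats count as failed_attempts by src_ip` in Question 14, can be checked without a Splunk instance. The Python below is an added example (not from the exam, from ExamGecko, or from Splunk) that emulates the SPL semantics of `stats count by <field>`, `stats count(<field>)`, `where` and `sort - count` over constructed events. The event list, the threshold and the function names are assumptions made for the illustration.

```python
"""Emulate `stats count by <field> | where count > N | sort - count` in Python.

Added example; not Splunk's own code. The events below are constructed, and
the field names and threshold are parameters of the emulation, not exam facts.
"""
from collections import Counter
from typing import Any, Iterable

Event = dict[str, Any]

# Constructed sample events (not real log data). One service account is noisy,
# two source IPs generate failed logins, and three events carry no user field.
EVENTS: list[Event] = (
    [{"user": "svc_backup", "eventtype": "login", "src_ip": "10.0.0.5"}] * 1500
    + [{"user": "alice", "eventtype": "login", "src_ip": "10.0.0.8"}] * 12
    + [{"user": "bob", "eventtype": "failed_login", "src_ip": "203.0.113.7"}] * 40
    + [{"user": "carol", "eventtype": "failed_login", "src_ip": "198.51.100.2"}] * 5
    + [{"eventtype": "failed_login", "src_ip": "198.51.100.2"}] * 3
)


def stats_count_by(events: Iterable[Event], field: str) -> Counter:
    """`| stats count by <field>`: one row per distinct value of <field>.

    SPL drops events whose BY field is null, so those are skipped here too.
    """
    return Counter(e[field] for e in events if e.get(field) is not None)


def stats_count_of(events: Iterable[Event], field: str) -> int:
    """`| stats count(<field>)` with no BY clause: a single number, the count of
    events in which <field> is non-null. There is no per-user row to filter,
    which is why `| stats count(user) | ... | where count > 1000` (option D in
    Question 12) cannot find individual users."""
    return sum(1 for e in events if e.get(field) is not None)


def sort_desc(counts: Counter) -> list[tuple[str, int]]:
    """`| sort - count`, with the field value as a tie-breaker for determinism
    (SPL leaves the relative order of ties unspecified)."""
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def outliers(events: Iterable[Event], field: str, threshold: int) -> list[tuple[str, int]]:
    """`| stats count by <field> | where count > <threshold> | sort - count`
    (option B in Question 12 with field=user, threshold=1000)."""
    counts = stats_count_by(events, field)
    return [(value, n) for value, n in sort_desc(counts) if n > threshold]


def failed_logins_by_src_ip(events: Iterable[Event]) -> list[dict[str, Any]]:
    """`eventtype=failed_login | stats count as failed_attempts by src_ip
        | sort -failed_attempts` (option C in Question 14), returned as the
    temporary table the question asks for: one row per source IP."""
    failed = [e for e in events if e.get("eventtype") == "failed_login"]
    rows = sort_desc(stats_count_by(failed, "src_ip"))
    return [{"src_ip": ip, "failed_attempts": n} for ip, n in rows]


if __name__ == "__main__":
    print(outliers(EVENTS, "user", 1000))   # only svc_backup exceeds 1000
    print(stats_count_of(EVENTS, "user"))   # one number, no per-user detail
    for row in failed_logins_by_src_ip(EVENTS):
        print(row)
```

Note that the three events without a `user` field still count towards `src_ip`: the `stats ... by` clause only drops events whose BY field is missing, so the grouping field you choose decides which events survive, exactly as it does in Splunk.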

Question 15

Which Enterprise Security framework provides a mechanism for running preconfigured actions within the Splunk platform or integrating with external applications?

A. Asset and Identity
B. Notable Event
C. Threat Intelligence
D. Adaptive Response

Suggested answer: D
asked 23/09/2024
Abdullah Mousa

Question 16

Which of the following Splunk Enterprise Security features allows industry frameworks such as CIS Critical Security Controls, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain to be mapped to Correlation Search results?

A. Annotations
B. Playbooks
C. Comments
D. Enrichments

Suggested answer: A
asked 23/09/2024
Albert Terrell

Question 17

Which of the following is the primary benefit of using the CIM in Splunk?

A. It allows for easier correlation of data from different sources.
B. It improves the performance of search queries on raw data.
C. It enables the use of advanced machine learning algorithms.
D. It automatically detects and blocks cyber threats.

Suggested answer: A
asked 23/09/2024
Alexander Yakovenko

Question 18

Which of the following use cases is best suited to be a Splunk SOAR Playbook?

A. Forming hypotheses for threat hunting
B. Visualizing complex datasets
C. Creating persistent field extractions
D. Taking containment action on a compromised host

Suggested answer: D
asked 23/09/2024
AHOPlvaro Zorrilla

Question 19

Which of the following is not considered an Indicator of Compromise (IOC)?

A. A specific domain that is utilized for phishing.
B. A specific IP address used in a cyberattack.
C. A specific file hash of a malicious executable.
D. A specific password for a compromised account.

Suggested answer: D
asked 23/09/2024
MICHELE CRISTINA DOS FELIX

Question 20

According to Splunk CIM documentation, which field in the Authentication Data Model represents the user who initiated a privilege escalation?

A. username
B. src_user_id
C. src_user
D. dest_user

Suggested answer: C
asked 23/09/2024
aaron black
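Questions 17 and 20 come down to the same point: CIM gives every source the same field names, and in the Authentication data model `src_user` is the account that initiated a privilege escalation while `user` is the account it targeted. The Python below is an added example, not Splunk's or the CIM add-on's code. It normalizes constructed sudo and OpenSSH syslog lines into CIM Authentication fields so that one `stats count by user` works across both sources, and it keeps `src_user` separate from `user` for the sudo events. The log lines are constructed, the regular expressions assume the standard sudo and sshd syslog message formats, and the `tag` values follow the CIM convention that `tag=authentication` (plus `tag=privileged` for escalations) selects events into the data model; the function names are assumptions made for the illustration.

```python
"""Normalize sudo and sshd syslog lines into Splunk CIM Authentication fields.

Added example, not Splunk's or the CIM add-on's code. The log lines are
constructed; the regexes assume the standard sudo and OpenSSH syslog formats.
"""
import re
from collections import Counter
from typing import Any, Optional

# Constructed syslog lines (not captured from a real host).
RAW_LINES = [
    "Mar  3 09:12:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; "
    "USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
    "Mar  3 09:13:44 web01 sudo:      bob : 3 incorrect password attempts ; "
    "TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Mar  3 09:14:10 web01 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; "
    "PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "Mar  3 09:15:02 web01 sshd[2211]: Accepted publickey for alice from 10.0.0.8 "
    "port 51234 ssh2: ED25519 SHA256:K7c4Qm9f",
    "Mar  3 09:15:30 web01 sshd[2230]: Failed password for invalid user admin "
    "from 203.0.113.7 port 40022 ssh2",
]

# Syslog header shared by both sources: timestamp and host.
TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
# sudo: "<invoker> : [<reason> ; ]TTY=... ; PWD=... ; USER=<target> ; COMMAND=..."
SUDO_RE = re.compile(
    TS + r"sudo:\s+(?P<src_user>\S+) : (?:(?P<reason>[^;]*?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; USER=(?P<user>\S+) ; COMMAND=(?P<command>.*)$"
)
# sshd: "Accepted|Failed <method> for [invalid user ]<user> from <ip> port <n>"
SSHD_RE = re.compile(
    TS + r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def normalize(line: str) -> Optional[dict[str, Any]]:
    """Map one raw line to CIM Authentication field names, or None if unknown."""
    m = SUDO_RE.match(line)
    if m:
        # Privilege escalation: src_user asked for it, user is the target account.
        return {
            "_time": m["ts"], "dest": m["host"], "app": "sudo",
            "src_user": m["src_user"],
            "user": m["user"],
            "action": "failure" if m["reason"] else "success",
            "reason": m["reason"] or "",
            "command": m["command"],
            "tag": ["authentication", "privileged"],
        }
    m = SSHD_RE.match(line)
    if m:
        # Ordinary logon: no escalation, so src_user is not set.
        return {
            "_time": m["ts"], "dest": m["host"], "app": "sshd",
            "user": m["user"], "src": m["src"],
            "authentication_method": m["method"],
            "action": "success" if m["result"] == "Accepted" else "failure",
            "tag": ["authentication"],
        }
    return None


def normalize_all(lines: list[str]) -> list[dict[str, Any]]:
    return [e for e in (normalize(l) for l in lines) if e is not None]


def failed_auth_by_user(events: list[dict[str, Any]]) -> dict[str, int]:
    """`action=failure | stats count by user` across both apps at once, which
    only works because both now emit the same CIM field names (Question 17)."""
    return dict(Counter(e["user"] for e in events if e["action"] == "failure"))


def escalations_by_src_user(events: list[dict[str, Any]]) -> dict[str, int]:
    """`tag=privileged | stats count by src_user`: who initiated each
    escalation attempt, successful or not (Question 20)."""
    return dict(Counter(e["src_user"] for e in events if "privileged" in e["tag"]))


if __name__ == "__main__":
    events = normalize_all(RAW_LINES)
    for e in events:
        print(e["app"], e["action"], "src_user=" + e.get("src_user", "-"), "user=" + e["user"])
    print(failed_auth_by_user(events))
    print(escalations_by_src_user(events))
```

Grouping by `user` attributes both sudo failures to `root`, because that is the account the escalation targeted; to see who asked, the search has to group by `src_user`. That is the distinction Question 20 tests, and it is why a source that puts the invoking account into `user` breaks any correlation search written against the data model.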
Total 66 questions