ExamGecko

Splunk SPLK-5001 Practice Test - Questions Answers, Page 4

List of questions

Question 31

What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?

Question 32

Upon investigating a report of a web server becoming unavailable, the security analyst finds that the web server's access log has the same log entry millions of times:

147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] 'GET /login/ HTTP/1.0' 200 3733

What kind of attack is occurring?

Question 33

According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?

Question 34

Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?

Question 35

While the top command is utilized to find the most common values contained within a field, a Cyber Defense Analyst hunts for anomalies. Which of the following Splunk commands returns the least common values?

Question 36

The Lockheed Martin Cyber Kill Chain breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?

Question 37

A Risk Notable Event has been triggered in Splunk Enterprise Security; an analyst investigates the alert and determines it is a false positive. What metric would be used to define the time between alert creation and close of the event?

Question 38

An analyst needs to create a new field at search time. Which Splunk command will dynamically extract additional fields as part of a Search pipeline?

Question 39

Which of the following is considered Personal Data under GDPR?

Question 40

What goal of an Advanced Persistent Threat (APT) group aims to disrupt or damage on behalf of a cause?

Total 66 questions