Splunk SPLK-5001 Practice Test - Questions Answers, Page 4

List of questions
Question 31

What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?
Question 32

Upon investigating a report of a web server becoming unavailable, the security analyst finds that the web server's access log has the same log entry millions of times:
147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] "GET /login/ HTTP/1.0" 200 3733
What kind of attack is occurring?
Question 33

According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?
Question 34

Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?
Question 35

While the top command is utilized to find the most common values contained within a field, a Cyber Defense Analyst hunts for anomalies. Which of the following Splunk commands returns the least common values?
Question 36

The Lockheed Martin Cyber Kill Chain breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?
Question 37

A Risk Notable Event has been triggered in Splunk Enterprise Security. An analyst investigates the alert and determines it is a false positive. Which metric describes the time between creation of the alert and closure of the event?
Question 38

An analyst needs to create a new field at search time. Which Splunk command will dynamically extract additional fields as part of a Search pipeline?
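Questions 32, 35 and 38 all turn on the same workflow: extract fields from raw access-log lines at search time, summarise the most and least common values, and spot a source that is hammering the server. The block below is an added, stand-alone Python example written for this page, not Splunk code or any SPL from the exam; it reproduces that workflow offline so the reader can see what the numbers look like. The log lines are constructed for the example (the repeated entry mirrors the one quoted in Question 32); the flood threshold of 10 is an assumption chosen so the small sample trips it, whereas a real deployment would count per source IP over a time window and set the threshold from a baseline.

```python
import re
from collections import Counter

# Regex for Common Log Format with named groups; this is the search-time
# field extraction step (src_ip, ts, method, uri, proto, status, bytes).
CLF_RE = re.compile(
    r'^(?P<src_ip>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)\s*$'
)

# Constructed sample data: the repeated line is the one quoted in the
# question; the other addresses are RFC 5737 documentation ranges.
FLOOD_LINE = (
    '147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] '
    '"GET /login/ HTTP/1.0" 200 3733'
)
NORMAL_LINES = [
    '203.0.113.7 - - [28/Jul/2023:12:04:10 -0300] "GET / HTTP/1.1" 200 5120',
    '203.0.113.7 - - [28/Jul/2023:12:04:11 -0300] "GET /about HTTP/1.1" 200 2048',
    '198.51.100.23 - - [28/Jul/2023:12:04:12 -0300] "POST /login/ HTTP/1.1" 302 0',
    '198.51.100.23 - - [28/Jul/2023:12:04:14 -0300] "GET /dashboard HTTP/1.1" 200 8192',
    '192.0.2.9 - - [28/Jul/2023:12:04:15 -0300] "GET /favicon.ico HTTP/1.1" 404 512',
]
SAMPLE_LOG = "\n".join(NORMAL_LINES + [FLOOD_LINE] * 20)


def extract_fields(line):
    """Return a dict of extracted fields, or None if the line is not CLF."""
    m = CLF_RE.match(line)
    return m.groupdict() if m else None


def parse_log(text):
    """Parse every line of an access log, dropping lines that do not match."""
    events = []
    for line in text.splitlines():
        fields = extract_fields(line)
        if fields is not None:
            events.append(fields)
    return events


def top(events, field, n=3):
    """Most common values of a field, highest count first."""
    return Counter(e[field] for e in events).most_common(n)


def rare(events, field, n=3):
    """Least common values of a field, lowest count first (ties by value)."""
    counts = Counter(e[field] for e in events)
    return sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))[:n]


def flag_floods(events, threshold=10, field="src_ip"):
    """Sources whose request count reaches the threshold (assumed value).

    In production this would be computed per time window against a baseline;
    a single source repeating one request millions of times is the pattern
    described in Question 32.
    """
    counts = Counter(e[field] for e in events)
    return {value: c for value, c in counts.items() if c >= threshold}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("parsed events:", len(evts))
    print("top src_ip:   ", top(evts, "src_ip", 1))
    print("rare status:  ", rare(evts, "status", 2))
    print("flood sources:", flag_floods(evts))
```

The `rare` function sorts ties by value so its output is deterministic; without that, two statuses seen once each could come out in either order, which matters when the result feeds an automated check rather than a human.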
Question 39

Which of the following is considered Personal Data under GDPR?
Question 40

What goal of an Advanced Persistent Threat (APT) group aims to disrupt or damage on behalf of a cause?