Splunk SPLK-5001 Practice Test - Questions Answers, Page 4

Upon investigating a report of a web server becoming unavailable, the security analyst finds that the web server's access log has the same log entry millions of times:

147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] 'GET /login/ HTTP/1.0' 200 3733

What kind of attack is occurring?

According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?

Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?

While the top command is utilized to find the most common values contained within a field, a Cyber Defense Analyst hunts for anomalies. Which of the following Splunk commands returns the least common values?

The Lockheed Martin Cyber Kill Chain breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?

A Risk Notable Event has been triggered in Splunk Enterprise Security, an analyst investigates the alert, and determines it is a false positive. What metric would be used to define the time between alert creation and close of the event?

An analyst needs to create a new field at search time. Which Splunk command will dynamically extract additional fields as part of a Search pipeline?

Which of the following is considered Personal Data under GDPR?

What goal of an Advanced Persistent Threat (APT) group aims to disrupt or damage on behalf of a cause?