Splunk SPLK-5001 Practice Test - Questions Answers, Page 5

A Cyber Threat Intelligence (CTI) team produces a report detailing a specific threat actor's typical behaviors and intent. This would be an example of what type of intelligence?

A. Operational
B. Executive
C. Tactical
D. Strategic

Suggested answer: A

A profile of one actor's behaviors, capabilities and intent is operational intelligence. Strategic intelligence describes the broad threat landscape for leadership (compare the CISO briefing question below), tactical intelligence is indicator-level detail (hashes, IPs, domains) fed to detection tooling, and "executive" is not one of the standard categories.

An analyst is building a search to examine Windows XML Event Logs, but the initial search is not returning any extracted fields. Based on the above image (the screenshot is not reproduced on this page), what is the most likely cause?

A. The analyst does not have the proper role to search this data.
B. The analyst is searching newly indexed data that was improperly parsed.
C. The analyst did not add the extract command to their search pipeline.
D. The analyst is not in the proper Search Mode and should switch to Smart or Verbose.

Suggested answer: D

Fast mode skips field discovery, so only indexed and default fields are shown; Smart and Verbose modes run the configured search-time extractions, and the Windows event fields appear without any extra command. A missing role would return no events at all rather than events without fields, and the extract (kv) command only forces key=value extraction, which is not how XML-rendered Windows events are normally parsed.

An organization is using Risk-Based Alerting (RBA). During the past few days, a user account generated multiple risk observations. Splunk refers to this account as what type of entity?

A. Risk Factor
B. Risk Index
C. Risk Analysis
D. Risk Object

Suggested answer: D

The account is the risk object: the entity (typically a user or a system) against which the scores from individual risk rules accumulate. The risk index is the index where those risk events are stored; "risk factor" and "risk analysis" are not entity types.
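
A worked illustration of the mechanics behind this question, added here and not part of the exam page or of Splunk's own code: it aggregates constructed risk observations per risk object the way an Enterprise Security risk-incident rule does (in SPL that is roughly a tstats sum of All_Risk.calculated_risk_score and dc of contributing searches by All_Risk.risk_object over a time window). Field names mirror the Risk data model; the events, the 24-hour window, the assumed "now" and the thresholds (100 points and 3 distinct rules) are assumptions.

```python
from datetime import datetime, timedelta

# Constructed risk observations, one per risk-rule hit, using the field names
# a risk rule writes to the risk index (Risk data model). Not real data.
RISK_EVENTS = [
    # (_time, risk_object, risk_object_type, risk_score, search_name)
    ("2024-05-01T08:02:00", "jsmith",   "user",   20, "Excessive Failed Logins"),
    ("2024-05-01T08:30:00", "jsmith",   "user",   40, "Office App Spawned Shell"),
    ("2024-05-01T09:15:00", "jsmith",   "user",   60, "Encoded PowerShell Command"),
    ("2024-05-01T09:40:00", "jsmith",   "user",   30, "Outbound to Threat Intel Match"),
    ("2024-04-25T09:40:00", "jsmith",   "user",   80, "Outbound to Threat Intel Match"),  # stale
    ("2024-05-01T08:05:00", "wks-0421", "system", 20, "Excessive Failed Logins"),
    ("2024-05-01T08:06:00", "wks-0421", "system", 20, "Excessive Failed Logins"),
    ("2024-05-01T08:07:00", "wks-0421", "system", 20, "Excessive Failed Logins"),
    ("2024-05-01T08:08:00", "wks-0421", "system", 20, "Excessive Failed Logins"),
    ("2024-05-01T08:09:00", "wks-0421", "system", 20, "Excessive Failed Logins"),
    ("2024-05-01T08:10:00", "wks-0421", "system", 20, "Excessive Failed Logins"),
    ("2024-05-01T10:00:00", "bjones",   "user",   40, "Rare Parent Process"),
]

# Assumed "now" so the look-back window is reproducible.
NOW = datetime.fromisoformat("2024-05-01T12:00:00")


def aggregate_risk(events, now=NOW, window=timedelta(hours=24)):
    """Sum risk per risk object inside the look-back window.

    Returns {risk_object: {"type", "score", "sources", "count"}} where
    "sources" is the set of distinct risk rules that contributed.
    """
    cutoff = now - window
    agg = {}
    for ts, obj, obj_type, score, search in events:
        if datetime.fromisoformat(ts) < cutoff:
            continue                      # outside the window, ignored
        e = agg.setdefault(obj, {"type": obj_type, "score": 0,
                                 "sources": set(), "count": 0})
        e["score"] += score
        e["sources"].add(search)
        e["count"] += 1
    return agg


def risk_incidents(agg, score_threshold=100, min_sources=3):
    """Risk-incident rule: fire on total score AND diversity of sources.

    Requiring several distinct rules is what stops one noisy detection
    (wks-0421 below: 120 points, all from the same rule) from paging anyone.
    """
    return sorted(obj for obj, e in agg.items()
                  if e["score"] >= score_threshold
                  and len(e["sources"]) >= min_sources)


if __name__ == "__main__":
    agg = aggregate_risk(RISK_EVENTS)
    for obj, e in sorted(agg.items()):
        print(f"{obj:10} {e['type']:7} score={e['score']:4} "
              f"rules={len(e['sources'])} hits={e['count']}")
    print("risk incidents:", risk_incidents(agg))
```

The stale jsmith event from 2024-04-25 is dropped by the window, so jsmith fires on 150 points from four different rules while wks-0421 stays quiet despite a higher raw hit count.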

A Cyber Threat Intelligence (CTI) team delivers a briefing to the CISO detailing their view of the threat landscape the organization faces. This is an example of what type of Threat Intelligence?

A. Tactical
B. Strategic
C. Operational
D. Executive

Suggested answer: B

An analyst investigates an IDS alert and confirms suspicious traffic to a known malicious IP. What Enterprise Security data model would they use to investigate which process initiated the network connection?

A. Endpoint
B. Authentication
C. Network traffic
D. Web

Suggested answer: A

Which process opened the socket is recorded in the Endpoint data model (the Processes and Ports datasets, populated by Sysmon or EDR data). Network_Traffic describes the flow itself but carries no process information, so the analyst pivots from the alert's source host, source port and time into Endpoint.
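
The pivot described above, as an added example that is not from the exam page or from Splunk: a constructed IDS alert shaped like Network_Traffic fields is joined to constructed endpoint connection records (the shape of Endpoint.Ports or Sysmon Event ID 3) on the connection 4-tuple plus a time tolerance. The alert, the records, the 5-second tolerance and the process names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed IDS alert with Network_Traffic-style fields. Not real data.
IDS_ALERT = {
    "_time": "2024-05-01T11:02:14",
    "src_ip": "10.1.5.23", "src_port": 51734,
    "dest_ip": "203.0.113.77", "dest_port": 443,
}

# Constructed endpoint connection records: the only place the originating
# process is recorded. Not real data.
ENDPOINT_CONNS = [
    # Same source port reused hours earlier by a different process, so the
    # destination and a time window must be part of the join key.
    {"_time": "2024-05-01T09:40:10", "host": "wks-0523", "src_ip": "10.1.5.23",
     "src_port": 51734, "dest_ip": "13.107.42.14", "dest_port": 443,
     "process": "C:\\Program Files\\Teams\\Teams.exe", "pid": 4420},
    {"_time": "2024-05-01T11:02:13", "host": "wks-0523", "src_ip": "10.1.5.23",
     "src_port": 51734, "dest_ip": "203.0.113.77", "dest_port": 443,
     "process": "C:\\Users\\jsmith\\AppData\\Local\\Temp\\update.exe", "pid": 9120},
    {"_time": "2024-05-01T11:02:15", "host": "wks-0523", "src_ip": "10.1.5.23",
     "src_port": 51735, "dest_ip": "203.0.113.77", "dest_port": 443,
     "process": "C:\\Windows\\System32\\svchost.exe", "pid": 1180},
]


def find_initiating_process(alert, conns, tolerance=timedelta(seconds=5)):
    """Pivot from a network alert into endpoint telemetry.

    Join key is (src_ip, src_port, dest_ip, dest_port) plus a time tolerance:
    sensor and endpoint clocks differ slightly, and ephemeral source ports are
    reused, so port alone is not enough. Returns the closest match or None.
    """
    t0 = datetime.fromisoformat(alert["_time"])
    keys = ("src_ip", "src_port", "dest_ip", "dest_port")
    candidates = [
        c for c in conns
        if all(c[k] == alert[k] for k in keys)
        and abs(datetime.fromisoformat(c["_time"]) - t0) <= tolerance
    ]
    return min(candidates,
               key=lambda c: abs(datetime.fromisoformat(c["_time"]) - t0),
               default=None)


if __name__ == "__main__":
    hit = find_initiating_process(IDS_ALERT, ENDPOINT_CONNS)
    print("no endpoint record" if hit is None
          else f"{hit['host']} pid={hit['pid']} {hit['process']}")
```

A None result is itself a finding: either the endpoint is not sending process telemetry or the connection came from something the sensor could not see, and both deserve follow-up.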

Which of the following is a best practice for searching in Splunk?

A. Streaming commands run before aggregating commands in the Search pipeline.
B. Raw word searches should contain multiple wildcards to ensure all edge cases are covered.
C. Limit fields returned from the search utilizing the fields command.
D. Searching over All Time ensures that all relevant data is returned.

Suggested answer: C

Trimming fields early with fields keeps less data moving through the pipeline; leading wildcards and All Time searches are among the most expensive things a search can do.

While testing the dynamic removal of credit card numbers, an analyst lands on using the rex command. What mode needs to be set in order to replace the defined values with X?

| makeresults
| eval ccnumber="511388720478619733"
| rex field=ccnumber mode=??? "s/(\d{4}-){3}/XXXX-XXXX-XXXX-/g"

Please assume that the above rex command is correctly written. (Note that eval string literals take double quotes; single quotes in eval refer to field names. The sample value also contains no hyphens, so the pattern as shown would not actually match it.)

A. sed
B. replace
C. mask
D. substitute

Suggested answer: A

rex mode=sed applies a sed-style substitution (s/regex/replacement/flags) to the field in place. The default rex mode extracts new fields from named capture groups and never modifies an existing one.
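
An added example of the same masking outside Splunk, not from the exam page: re.sub plays the role of rex mode=sed. mask_sed_style is a literal port of the page's substitution; redact goes further than the question by accepting hyphenated, spaced and unseparated numbers, Luhn-checking the digits so that order numbers and timestamps are not clobbered, and keeping only the last four digits. The sample strings are constructed.

```python
import re

# Literal port of the page's rex: s/(\d{4}-){3}/XXXX-XXXX-XXXX-/g
SED_LIKE = re.compile(r"(\d{4}-){3}")

def mask_sed_style(text):
    """Same effect as the page's sed-mode rex; only hyphenated input matches."""
    return SED_LIKE.sub("XXXX-XXXX-XXXX-", text)


# 13 to 19 digits, optionally separated by single spaces or hyphens, not
# glued to other digits on either side.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: true for real card numbers, false for most other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _mask_match(match):
    raw = match.group(0)
    digits = re.sub(r"\D", "", raw)
    if not luhn_ok(digits):
        return raw                      # e.g. an order id: leave it alone
    keep_from = len(digits) - 4         # reveal only the last four digits
    out, seen = [], 0
    for ch in raw:
        if ch.isdigit():
            out.append("X" if seen < keep_from else ch)
            seen += 1
        else:
            out.append(ch)              # separators survive, layout intact
    return "".join(out)


def redact(text):
    """Mask every Luhn-valid card number in text, whatever the separator."""
    return CANDIDATE.sub(_mask_match, text)


if __name__ == "__main__":
    # Constructed samples; 4111..., 4242... and 3782... are well-known test PANs.
    for s in ["card=4111-1111-1111-1111 exp=12/26",
              "pan 4242 4242 4242 4242",
              "amex 378282246310005",
              "order=1234567890123456 ts=20240501120000"]:
        print(redact(s))
```

Masking at search time, as the question does, is a test bench; once the pattern is trusted the same substitution belongs in a SEDCMD in props.conf so the number never reaches the index.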

An analyst is examining the logs for a web application's login form. They see thousands of failed logon attempts using various usernames and passwords. Internet research indicates that these credentials may have been compiled by combining account information from several recent data breaches.

Which type of attack would this be an example of?

A. Credential sniffing
B. Password cracking
C. Password spraying
D. Credential stuffing

Suggested answer: D

Credential stuffing replays username and password pairs leaked from other sites. Password spraying tries a few common passwords across many accounts, and password cracking works offline against captured hashes.
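
Detection logic for this scenario, added here as an example and not taken from the page: over a constructed login log it profiles each source address and separates credential stuffing (many usernames, most of which do not exist locally, because the pairs came from someone else's breach) from password spraying (many existing accounts, one or two attempts each) and from single-account brute force. The log format, field names and thresholds are assumptions; in Splunk the same counters come from stats count dc(user) by src with a per-reason count.

```python
import re
from collections import defaultdict

# Constructed web-application login log. Applications must not log the
# password, so the usable signals are failures per source, distinct
# usernames, and whether the username exists at all.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.10 user=kmorales88@example.com result=failure reason=unknown_user
2024-05-01T10:00:02 src=203.0.113.10 user=dan.p@example.com result=failure reason=unknown_user
2024-05-01T10:00:02 src=203.0.113.10 user=alice@example.com result=failure reason=invalid_password
2024-05-01T10:00:03 src=203.0.113.10 user=tbell1979@example.com result=failure reason=unknown_user
2024-05-01T10:00:03 src=203.0.113.10 user=jdoe@example.com result=failure reason=invalid_password
2024-05-01T10:00:04 src=203.0.113.10 user=m.ruiz@example.com result=failure reason=unknown_user
2024-05-01T10:00:04 src=203.0.113.10 user=sam_k@example.com result=failure reason=unknown_user
2024-05-01T10:00:05 src=203.0.113.10 user=lchen@example.com result=failure reason=unknown_user
2024-05-01T10:05:00 src=198.51.100.7 user=alice@example.com result=failure reason=invalid_password
2024-05-01T10:06:00 src=198.51.100.7 user=bob@example.com result=failure reason=invalid_password
2024-05-01T10:07:00 src=198.51.100.7 user=carol@example.com result=failure reason=invalid_password
2024-05-01T10:08:00 src=198.51.100.7 user=dave@example.com result=failure reason=invalid_password
2024-05-01T10:09:00 src=198.51.100.7 user=erin@example.com result=failure reason=invalid_password
2024-05-01T10:10:00 src=198.51.100.7 user=frank@example.com result=failure reason=invalid_password
2024-05-01T10:12:00 src=192.0.2.44 user=admin@example.com result=failure reason=invalid_password
2024-05-01T10:12:01 src=192.0.2.44 user=admin@example.com result=failure reason=invalid_password
2024-05-01T10:12:02 src=192.0.2.44 user=admin@example.com result=failure reason=invalid_password
2024-05-01T10:12:03 src=192.0.2.44 user=admin@example.com result=failure reason=invalid_password
2024-05-01T10:12:04 src=192.0.2.44 user=admin@example.com result=failure reason=invalid_password
2024-05-01T10:15:00 src=10.0.0.5 user=carol@example.com result=failure reason=invalid_password
2024-05-01T10:15:20 src=10.0.0.5 user=carol@example.com result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>\S+)(?: reason=(?P<reason>\S+))?$"
)


def parse_line(line):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def profile_sources(log_text):
    """Per-source counters over failed logins only."""
    prof = defaultdict(lambda: {"failures": 0, "users": set(), "unknown": 0})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev["result"] != "failure":
            continue
        p = prof[ev["src"]]
        p["failures"] += 1
        p["users"].add(ev["user"])
        if ev["reason"] == "unknown_user":
            p["unknown"] += 1
    return prof


def classify(p, min_failures=5, unknown_ratio=0.5):
    """Assumed thresholds; tune against the application's normal failure rate."""
    if p["failures"] < min_failures:
        return "benign"
    users = len(p["users"])
    if users == 1:
        return "brute_force"            # one account, many guesses
    if p["unknown"] / p["failures"] >= unknown_ratio:
        return "credential_stuffing"    # many accounts, most not ours
    if p["failures"] / users <= 2:
        return "password_spraying"      # valid accounts, a try or two each
    return "brute_force"


def classify_log(log_text):
    return {src: classify(p) for src, p in profile_sources(log_text).items()}


if __name__ == "__main__":
    for src, label in classify_log(SAMPLE_LOG).items():
        print(f"{src:15} {label}")
```

The unknown_user ratio is the discriminator the question hinges on: stuffed lists are full of accounts that were never registered here, while a sprayer first enumerates real ones.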

An analysis of an organization's security posture determined that a particular asset is at risk and a new process or solution should be implemented to protect it. Typically, who would be in charge of designing the new process and selecting the required tools to implement it?

A. SOC Manager
B. Security Engineer
C. Security Architect
D. Security Analyst

Suggested answer: C

After discovering some events that were missed in an initial investigation, an analyst determines this is because some events have an empty src field. Instead, the required data is often captured in another field called machine_name.

What SPL could they use to find all relevant events across either field until the field extraction is fixed?

A. | eval src = coalesce(src,machine_name)
B. | eval src = src + machine_name
C. | eval src = src . machine_name
D. | eval src = tostring(machine_name)

Suggested answer: A

coalesce returns the first argument that is not null, so src keeps its value where present and is filled from machine_name only where it is missing. The + and . operators concatenate the two values rather than fall back, and tostring(machine_name) would overwrite every good src value.
Total 66 questions