ExamGecko
Home / Splunk / SPLK-5001 / List of questions
Ask Question

Splunk SPLK-5001 Practice Test - Questions Answers, Page 5

Question list
Search

List of questions

Search

Related questions











Question 41

Report
Export
Collapse

A Cyber Threat Intelligence (CTI) team produces a report detailing a specific threat actor's typical behaviors and intent. This would be an example of what type of intelligence?

Operational
Operational
Executive
Executive
Tactical
Tactical
Strategic
Strategic
Suggested answer: D
asked 23/09/2024
Juan Bueno
40 questions

Question 42

Report
Export
Collapse

An analyst is building a search to examine Windows XML Event Logs, but the initial search is not returning any extracted fields. Based on the above image, what is the most likely cause?

The analyst does not have the proper role to search this data.
The analyst does not have the proper role to search this data.
The analyst is searching newly indexed data that was improperly parsed.
The analyst is searching newly indexed data that was improperly parsed.
The analyst did not add the excract command to their search pipeline.
The analyst did not add the excract command to their search pipeline.
The analyst is not in the Drooer Search Mode and should switch to Smart or Verbose.
The analyst is not in the Drooer Search Mode and should switch to Smart or Verbose.
Suggested answer: C
asked 23/09/2024
Szymon Strzep
39 questions

Question 43

Report
Export
Collapse

An organization is using Risk-Based Alerting (RBA). During the past few days, a user account generated multiple risk observations. Splunk refers to this account as what type of entity?

Risk Factor
Risk Factor
Risk Index
Risk Index
Risk Analysis
Risk Analysis
Risk Object
Risk Object
Suggested answer: B
asked 23/09/2024
Lawrence Acherman
42 questions

Question 44

Report
Export
Collapse

A Cyber Threat Intelligence (CTI) team delivers a briefing to the CISO detailing their view of the threat landscape the organization faces. This is an example of what type of Threat Intelligence?

Tactical
Tactical
Strategic
Strategic
Operational
Operational
Executive
Executive
Suggested answer: B
asked 23/09/2024
Subramaniam Pratheep
39 questions

Question 45

Report
Export
Collapse

An analyst investigates an IDS alert and confirms suspicious traffic to a known malicious IP. What Enterprise Security data model would they use to investigate which process initiated the network connection?

Endpoint
Endpoint
Authentication
Authentication
Network traffic
Network traffic
Web
Web
Suggested answer: A
asked 23/09/2024
OKAN AYDOÄžAN
47 questions

Question 46

Report
Export
Collapse

Which of the following is a best practice for searching in Splunk?

Streaming commands run before aggregating commands in the Search pipeline.
Streaming commands run before aggregating commands in the Search pipeline.
Raw word searches should contain multiple wildcards to ensure all edge cases are covered.
Raw word searches should contain multiple wildcards to ensure all edge cases are covered.
Limit fields returned from the search utilizing the cable command.
Limit fields returned from the search utilizing the cable command.
Searching over All Time ensures that all relevant data is returned.
Searching over All Time ensures that all relevant data is returned.
Suggested answer: C
asked 23/09/2024
Jonathan Dowds
37 questions

Question 47

Report
Export
Collapse

While testing the dynamic removal of credit card numbers, an analyst lands on using the rex command. What mode needs to be set to in order to replace the defined values with X?

| makeresults

| eval ccnumber='511388720478619733'

| rex field=ccnumber mode=??? 's/(\d{4}-){3)/XXXX-XXXX-XXXX-/g'

Please assume that the above rex command is correctly written.

sed
sed
replace
replace
mask
mask
substitute
substitute
Suggested answer: A
asked 23/09/2024
alain giansily
40 questions

Question 48

Report
Export
Collapse

An analyst is examining the logs for a web application's login form. They see thousands of failed logon attempts using various usernames and passwords. Internet research indicates that these credentials may have been compiled by combining account information from several recent data breaches.

Which type of attack would this be an example of?

Credential sniffing
Credential sniffing
Password cracking
Password cracking
Password spraying
Password spraying
Credential stuffing
Credential stuffing
Suggested answer: D
asked 23/09/2024
Yan Wei
35 questions

Question 49

Report
Export
Collapse

An analysis of an organization's security posture determined that a particular asset is at risk and a new process or solution should be implemented to protect it. Typically, who would be in charge of designing the new process and selecting the required tools to implement it?

Become a Premium Member for full access
  Unlock Premium Member

Question 50

Report
Export
Collapse

After discovering some events that were missed in an initial investigation, an analyst determines this is because some events have an empty src field. Instead, the required data is often captured in another field called machine_name.

What SPL could they use to find all relevant events across either field until the field extraction is fixed?

Become a Premium Member for full access
  Unlock Premium Member
Total 66 questions
Go to page: of 7