Splunk SPLK-5001 Practice Test - Questions Answers, Page 6

List of questions
Question 51

An analyst would like to test how certain Splunk SPL commands work against a small set of data. What command should start the search pipeline if they wanted to create their own data instead of utilizing data contained within Splunk?
Question 52

An analysis of an organization's security posture determined that a particular asset is at risk and a new process or solution should be implemented to protect it. Typically, who would be in charge of implementing the new process or solution that was selected?
Question 53

Which of the following is a correct Splunk search that will return results in the most performant way?
Question 54

There are many resources for assisting with SPL and configuration questions. Which of the following resources feature community-sourced answers?
Question 55

A successful Continuous Monitoring initiative involves the entire organization. When an analyst discovers the need for more context or additional information, perhaps from additional data sources or altered correlation rules, to what role would this request generally escalate?
Question 56

What is the following step-by-step description an example of?
1. The attacker devises a non-default beacon profile with Cobalt Strike and embeds this within a document.
2. The attacker creates a unique email with the malicious document based on extensive research about their target.
3. When the victim opens this document, a C2 channel is established to the attacker's temporary infrastructure on a compromised website.
Question 57

Which of the following is a tactic used by attackers, rather than a technique?
Question 58

Which stage of continuous monitoring involves adding data, creating detections, and building drilldowns?
Question 59

An analyst is investigating how an attacker successfully performs a brute-force attack to gain a foothold into an organizations systems. In the course of the investigation the analyst determines that the reason no alerts were generated is because the detection searches were configured to run against Windows data only and excluding any Linux data.
This is an example of what?
Question 60

The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?
Question