ExamGecko
Search Search Login
Home Home / Splunk / SPLK-5001

Splunk SPLK-5001 Practice Test - Questions Answers, Page 7

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A Risk Notable Event has been triggered in Splunk Enterprise Security, an analyst investigates the alert, and determines it is a false positive. What metric would be used to define the time between alert creation and close of the event?
A Risk Rule generates events on Suspicious Cloud Share Activity and regularly contributes to confirmed incidents from Risk Notables. An analyst realizes the raw logs these events are generated from contain information which helps them determine what might be malicious. What should they ask their engineer for to make their analysis easier?
Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?
When threat hunting for outliers in Splunk, which of the following SPL pipelines would filter for users with over a thousand occurrences?
What is the following step-by-step description an example of? 1. The attacker devises a non-default beacon profile with Cobalt Strike and embeds this within a document. 2. The attacker creates a unique email with the malicious document based on extensive research about their target. 3. When the victim opens this document, a C2 channel is established to the attacker's temporary infrastructure on a compromised website.
The following list contains examples of Tactics, Techniques, and Procedures (TTPs): 1. Exploiting a remote service 2. Lateral movement 3. Use EternalBlue to exploit a remote SMB server In which order are they listed below?
According to Splunk CIM documentation, which field in the Authentication Data Model represents the user who initiated a privilege escalation?
Which of the following data sources can be used to discover unusual communication within an organization's network?
The eval SPL expression supports many types of functions. Which of these function categories is not valid with eval?
Which search command allows an analyst to match whatever is inside the parentheses as a single term in the index, even if it contains characters that are usually recognized as minor breakers such as periods or underscores?

Question 61

Report
Export
Collapse

A threat hunter generates a report containing the list of users who have logged in to a particular database during the last 6 months, along with the number of times they have each authenticated. They sort this list and remove any user names who have logged in more than 6 times. The remaining names represent the users who rarely log in, as their activity is more suspicious. The hunter examines each of these rare logins in detail.

This is an example of what type of threat-hunting technique?

A.
Least Frequency of Occurrence Analysis
A.
Least Frequency of Occurrence Analysis
Answers
B.
Co-Occurrence Analysis
B.
Co-Occurrence Analysis
Answers
C.
Time Series Analysis
C.
Time Series Analysis
Answers
D.
Outlier Frequency Analysis
D.
Outlier Frequency Analysis
Answers
Suggested answer: A

Question 62

Report
Export
Collapse

What is the main difference between hypothesis-driven and data-driven Threat Hunting?

A.
Data-driven hunts always require more data to search through than hypothesis-driven hunts.
A.
Data-driven hunts always require more data to search through than hypothesis-driven hunts.
Answers
B.
Data-driven hunting tries to uncover activity within an existing data set, hypothesis-driven hunting begins with a potential activity that the hunter thinks may be happening.
B.
Data-driven hunting tries to uncover activity within an existing data set, hypothesis-driven hunting begins with a potential activity that the hunter thinks may be happening.
Answers
C.
Hypothesis-driven hunts are typically executed on newly ingested data sources, while data-driven hunts are not.
C.
Hypothesis-driven hunts are typically executed on newly ingested data sources, while data-driven hunts are not.
Answers
D.
Hypothesis-driven hunting tries to uncover activity within an existing data set, data-driven hunting begins with an activity that the hunter thinks may be happening.
D.
Hypothesis-driven hunting tries to uncover activity within an existing data set, data-driven hunting begins with an activity that the hunter thinks may be happening.
Answers
Suggested answer: B

Question 63

Report
Export
Collapse

The Security Operations Center (SOC) manager is interested in creating a new dashboard for typosquatting after a successful campaign against a group of senior executives. Which existing ES dashboard could be used as a starting point to create a custom dashboard?

A.
IAM Activity
A.
IAM Activity
Answers
B.
Malware Center
B.
Malware Center
Answers
C.
Access Anomalies
C.
Access Anomalies
Answers
D.
New Domain Analysis
D.
New Domain Analysis
Answers
Suggested answer: D

Question 64

Report
Export
Collapse

What is the main difference between a DDoS and a DoS attack?

A.
A DDoS attack is a type of physical attack, while a DoS attack is a type of cyberattack.
A.
A DDoS attack is a type of physical attack, while a DoS attack is a type of cyberattack.
Answers
B.
A DDoS attack uses a single source to target a single system, while a DoS attack uses multiple sources to target multiple systems.
B.
A DDoS attack uses a single source to target a single system, while a DoS attack uses multiple sources to target multiple systems.
Answers
C.
A DDoS attack uses multiple sources to target a single system, while a DoS attack uses a single source to target a single or multiple systems.
C.
A DDoS attack uses multiple sources to target a single system, while a DoS attack uses a single source to target a single or multiple systems.
Answers
D.
A DDoS attack uses a single source to target multiple systems, while a DoS attack uses multiple sources to target a single system.
D.
A DDoS attack uses a single source to target multiple systems, while a DoS attack uses multiple sources to target a single system.
Answers
Suggested answer: C

Question 65

Report
Export
Collapse

An analyst is looking at Web Server logs, and sees the following entry as the last web request that a server processed before unexpectedly shutting down:

147.186.119.107 - - [28/Jul/2006:10:27:10 -0300] 'POST /cgi-bin/shutdown/ HTTP/1.0' 200 3333

What kind of attack is most likely occurring?

A.
Distributed denial of service attack.
A.
Distributed denial of service attack.
Answers
B.
Denial of service attack.
B.
Denial of service attack.
Answers
C.
Database injection attack.
C.
Database injection attack.
Answers
D.
Cross-Site scripting attack.
D.
Cross-Site scripting attack.
Answers
Suggested answer: B

Question 66

Report
Export
Collapse

Which of the Enterprise Security frameworks provides additional automatic context and correlation to fields that exist within raw data?

A.
Asset and Identity
A.
Asset and Identity
Answers
B.
Threat Intelligence
B.
Threat Intelligence
Answers
C.
Adaptive Response
C.
Adaptive Response
Answers
D.
Risk
D.
Risk
Answers
Suggested answer: A
Total 66 questions
Go to page: of 7
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms