Splunk Related Exams
SPLK-5001 Exam
The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?
An analyst is investigating a network alert for suspected lateral movement from one Windows host to another Windows host. According to Splunk CIM documentation, the IP address of the host from which the attacker is moving would be in which field?
The following list contains examples of Tactics, Techniques, and Procedures (TTPs):
• Exploiting a remote service
• Extend movement
• Use EternalBlue to exploit a remote SMB server
In which order are they listed below?