New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Splunk SPLK-5001 Passing Score

Page: 5 / 5
Total 66 questions

Splunk Certified Cybersecurity Defense Analyst Questions and Answers

Question 17

An analyst investigates an IDS alert and confirms suspicious traffic to a known malicious IP. What Enterprise Security data model would they use to investigate which process initiated the network connection?

Options:

A.

Endpoint

B.

Authentication

C.

Network traffic

D.

Web

Question 18

An analyst is investigating how an attacker successfully performs a brute-force attack to gain a foothold into an organizations systems. In the course of the investigation the analyst determines that the reason no alerts were generated is because the detection searches were configured to run against Windows data only and excluding any Linux data.

This is an example of what?

Options:

A.

A True Positive.

B.

A True Negative.

C.

A False Negative.

D.

A False Positive.

Question 19

In which phase of the Continuous Monitoring cycle are suggestions and improvements typically made?

Options:

A.

Define and Predict

B.

Establish and Architect

C.

Analyze and Report

D.

Implement and Collect

Page: 5 / 5
Total 66 questions