New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Splunk SPLK-5001 Questions Answers

Page: 3 / 5
Total 66 questions

Splunk Certified Cybersecurity Defense Analyst Questions and Answers

Question 9

The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?

Options:

A.

Malware

B.

Alerts

C.

Vulnerabilities

D.

Endpoint

Question 10

Which of the following is not considered an Indicator of Compromise (IOC)?

Options:

A.

A specific domain that is utilized for phishing.

B.

A specific IP address used in a cyberattack.

C.

A specific file hash of a malicious executable.

D.

A specific password for a compromised account.

Question 11

The Security Operations Center (SOC) manager is interested in creating a new dashboard for typosquatting after a successful campaign against a group of senior executives. Which existing ES dashboard could be used as a starting point to create a custom dashboard?

Options:

A.

IAM Activity

B.

Malware Center

C.

Access Anomalies

D.

New Domain Analysis

Question 12

When threat hunting for outliers in Splunk, which of the following SPL pipelines would filter for users with over a thousand occurrences?

Options:

A.

| sort by user | where count > 1000

B.

| stats count by user | where count > 1000 | sort - count

C.

| top user

D.

| stats count(user) | sort - count | where count > 1000

Page: 3 / 5
Total 66 questions