Splunk SPLK-5001 Exam: Splunk Certified Cybersecurity Defense Analyst
https://www.passquestion.com/splk-5001.html

1. Which of the following is the primary benefit of using the CIM in Splunk?
A. It allows for easier correlation of data from different sources.
B. It improves the performance of search queries on raw data.
C. It enables the use of advanced machine learning algorithms.
D. It automatically detects and blocks cyber threats.
Answer: A

2. Which of the following data sources would be most useful to determine if a user visited a recently identified malicious website?
A. Active Directory Logs
B. Web Proxy Logs
C. Intrusion Detection Logs
D. Web Server Logs
Answer: B

3. Which of the following is a tactic used by attackers, rather than a technique?
A. Gathering information about a target.
B. Establishing persistence with a scheduled task.
C. Using a phishing email to gain initial access.
D. Escalating privileges via UAC bypass.
Answer: A

4. Enterprise Security has been configured to generate a Notable Event when a user has quickly authenticated from multiple locations between which travel would be impossible. This would be considered what kind of an anomaly?
A. Access Anomaly
B. Identity Anomaly
C. Endpoint Anomaly
D. Threat Anomaly
Answer: A

5. An analyst is investigating a network alert for suspected lateral movement from one Windows host to another Windows host. According to Splunk CIM documentation, the IP address of the host from which the attacker is moving would be in which field?
A. host
B. dest
C. src_nt_host
D. src_ip
Answer: D

6. Which pre-packaged app delivers security content and detections on a regular, ongoing basis for Enterprise Security and SOAR?
A. SSE
B. ESCU
C. Threat Hunting
D. InfoSec
Answer: B

7. A Cyber Threat Intelligence (CTI) team produces a report detailing a specific threat actor's typical behaviors and intent. This would be an example of what type of intelligence?
A. Operational
B. Executive
C. Tactical
D. Strategic
Answer: C

8. In Splunk Enterprise Security, annotations can be added to enrich correlation search results with security framework mappings. Which of the following security frameworks is not available as a default annotation option?
A. MITRE ATT&CK
B. OWASP Top 10
C. CIS
D. Lockheed Martin Cyber Kill Chain
Answer: B

9. An analyst learns that several types of data are being ingested into Splunk and Enterprise Security, and wants to use the metadata SPL command to list them in a search. Which of the following arguments should she use?
A. metadata type=cdn
B. metadata type=sourcetypes
C. metadata type=assets
D. metadata type=hosts
Answer: B

10. While investigating findings in Enterprise Security, an analyst has identified a compromised device. Without leaving ES, what action could they take to run a sequence of containment activities on the compromised device that also updates the original finding?
A. Run an event-level workflow action that initiates a SOAR playbook.
B. Run a field-level workflow action that initiates a SOAR playbook.
C. Run an adaptive response action that initiates a SOAR playbook.
D. Run an alert action that initiates a SOAR playbook.
Answer: C

11. Which of the following is a best practice when creating performant searches within Splunk?
A. Utilize the transaction command to aggregate data for faster analysis.
B. Utilize aggregating commands to ensure all data is available prior to streaming commands.
C. Utilize specific fields to return only the data that is required.
D. Utilize multiple wildcards across fields to ensure returned data is complete and available.
Answer: C

12. Which of the following data sources can be used to discover unusual communication within an organization's network?
A. EDS
B. NetFlow
C. Email
D. IAM
Answer: B

13. A Cyber Threat Intelligence (CTI) team delivers a briefing to the CISO detailing their view of the threat landscape the organization faces. This is an example of what type of Threat Intelligence?
A. Tactical
B. Strategic
C. Operational
D. Executive
Answer: B

14. Which of the Enterprise Security frameworks provides additional automatic context and correlation to fields that exist within raw data?
A. Adaptive Response
B. Threat Intelligence
C. Risk
D. Asset and Identity
Answer: D

15. An analyst needs to create a new field at search time. Which Splunk command will dynamically extract additional fields as part of a search pipeline?
A. rex
B. fields
C. regex
D. eval
Answer: A