
SPLK-5001 Questions and Answers

Question # 6

What is the main difference between hypothesis-driven and data-driven Threat Hunting?

A.

Data-driven hunts always require more data to search through than hypothesis-driven hunts.

B.

Data-driven hunting tries to uncover activity within an existing data set, hypothesis-driven hunting begins with a potential activity that the hunter thinks may be happening.

C.

Hypothesis-driven hunts are typically executed on newly ingested data sources, while data-driven hunts are not.

D.

Hypothesis-driven hunting tries to uncover activity within an existing data set, data-driven hunting begins with an activity that the hunter thinks may be happening.

Question # 7

Which of the following is considered Personal Data under GDPR?

A.

The birth date of an unidentified user.

B.

An individual's address including their first and last name.

C.

The name of a deceased individual.

D.

A company's registration number.

Question # 8

An analyst is building a search to examine Windows XML Event Logs, but the initial search is not returning any extracted fields. Based on the above image, what is the most likely cause?

A.

The analyst does not have the proper role to search this data.

B.

The analyst is searching newly indexed data that was improperly parsed.

C.

The analyst did not add the extract command to their search pipeline.

D.

The analyst is not in the Proper Search Mode and should switch to Smart or Verbose.

Question # 9

An analyst needs to create a new field at search time. Which Splunk command will dynamically extract additional fields as part of a Search pipeline?

A.

rex

B.

fields

C.

regex

D.

eval

Question # 10

Which of the following use cases is best suited to be a Splunk SOAR Playbook?

A.

Forming hypothesis for Threat Hunting

B.

Visualizing complex datasets.

C.

Creating persistent field extractions.

D.

Taking containment action on a compromised host

Question # 11

Which stage of continuous monitoring involves adding data, creating detections, and building drilldowns?

A.

Implement and Collect

B.

Establish and Architect

C.

Respond and Review

D.

Analyze and Report

Question # 12

A Cyber Threat Intelligence (CTI) team produces a report detailing a specific threat actor’s typical behaviors and intent. This would be an example of what type of intelligence?

A.

Operational

B.

Executive

C.

Tactical

D.

Strategic

Question # 13

A threat hunter generates a report containing the list of users who have logged in to a particular database during the last 6 months, along with the number of times they have each authenticated. They sort this list and remove any user names who have logged in more than 6 times. The remaining names represent the users who rarely log in, as their activity is more suspicious. The hunter examines each of these rare logins in detail.

This is an example of what type of threat-hunting technique?

A.

Least Frequency of Occurrence Analysis

B.

Co-Occurrence Analysis

C.

Time Series Analysis

D.

Outlier Frequency Analysis

Question # 14

An analysis of an organization’s security posture determined that a particular asset is at risk and a new process or solution should be implemented to protect it. Typically, who would be in charge of designing the new process and selecting the required tools to implement it?

A.

SOC Manager

B.

Security Engineer

C.

Security Architect

D.

Security Analyst

Question # 15

What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?

A.

Host-based firewall

B.

Web proxy

C.

Endpoint Detection and Response

D.

Intrusion Detection System

Question # 16

Which of the following is a correct Splunk search that will return results in the most performant way?

A.

index=foo host=i-478619733 | stats range(_time) as duration by src_ip | bin duration span=5min | stats count by duration, host

B.

| stats range(_time) as duration by src_ip | index=foo host=i-478619733 | bin duration span=5min | stats count by duration, host

C.

index=foo host=i-478619733 | transaction src_ip | stats count by host

D.

index=foo | transaction src_ip | stats count by host | search host=i-478619733

Question # 17

Which of the following Splunk Enterprise Security features allows industry frameworks such as CIS Critical Security Controls, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain® to be mapped to Correlation Search results?

A.

Annotations

B.

Playbooks

C.

Comments

D.

Enrichments

Question # 18

The United States Department of Defense (DoD) requires all government contractors to provide adequate security safeguards referenced in National Institute of Standards and Technology (NIST) 800-171. All DoD contractors must continually reassess, monitor, and track compliance to be able to do business with the US government.

Which feature of Splunk Enterprise Security provides an analyst context for the correlation search mapping to the specific NIST guidelines?

A.

Comments

B.

Moles

C.

Annotations

D.

Framework mapping

Question # 19

When threat hunting for outliers in Splunk, which of the following SPL pipelines would filter for users with over a thousand occurrences?

A.

| sort by user | where count > 1000

B.

| stats count by user | where count > 1000 | sort - count

C.

| top user

D.

| stats count(user) | sort - count | where count > 1000
