SPLK-5001 exam

A Risk Rule generates events on Suspicious Cloud Share Activity and regularly contributes to confirmed incidents from Risk Notables. An analyst realizes the raw logs these events are generated from contain information which helps them determine what might be malicious. What should they ask their engineer for to make their...

Which of the following Splunk Enterprise Security features allows industry frameworks such as CIS Critical Security Controls, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain® to be mapped to Correlation Search results?A . AnnotationsB . PlaybooksC . CommentsD . EnrichmentsView AnswerAnswer: A

An analysis of an organization’s security posture determined that a particular asset is at risk and a new process or solution should be implemented to protect it. Typically, who would be in charge of implementing the new process or solution that was selected?A . Security ArchitectB . SOC ManagerC ....

A successful Continuous Monitoring initiative involves the entire organization. When an analyst discovers the need for more context or additional information, perhaps from additional data sources or altered correlation rules, to what role would this request generally escalate?A . SOC ManagerB . Security AnalystC . Security EngineerD . Security ArchitectView...

Which of the following is the primary benefit of using the CIM in Splunk?A . It allows for easier correlation of data from different sources.B . It improves the performance of search queries on raw data.C . It enables the use of advanced machine learning algorithms.D . It automatically detects...

While the top command is utilized to find the most common values contained within a field, a Cyber Defense Analyst hunts for anomalies. Which of the following Splunk commands returns the least common values?A . leastB . uncommonC . rareD . baseView AnswerAnswer: C

Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?A . Threat Intelligence FrameworkB . Risk FrameworkC...

A threat hunter executed a hunt based on the following hypothesis: As an actor, I want to plant rundll32 for proxy execution of malicious code and leverage Cobalt Strike for Command and Control. Relevant logs and artifacts such as Sysmon, netflow, IDS alerts, and EDR logs were searched, and the...

An analyst is not sure that all of the potential data sources at her company are being correctly or completely utilized by Splunk and Enterprise Security. Which of the following might she suggest using, in order to perform an analysis of the data types available and some of their potential...

Which of the following is a correct Splunk search that will return results in the most performant way?A . index=foo host=i-478619733 | stats range(_time) as duration by src_ip | bin duration span=5min | stats count by duration, hostB . | stats range(_time) as duration by src_ip | index=foo host=i-478619733 |...