New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

SPLK-5001 Splunk Certified Cybersecurity Defense Analyst Questions and Answers

Questions 4

An organization is using Risk-Based Alerting (RBA). During the past few days, a user account generated multiple risk observations. Splunk refers to this account as what type of entity?

Options:

A.

Risk Factor

B.

Risk Index

C.

Risk Analysis

D.

Risk Object

Buy Now
Questions 5

An analyst is investigating a network alert for suspected lateral movement from one Windows host to another Windows host. According to Splunk CIM documentation, the IP address of the host from which the attacker is moving would be in which field?

Options:

A.

host

B.

dest

C.

src_nt_host

D.

src_ip

Buy Now
Questions 6

Which pre-packaged app delivers security content and detections on a regular, ongoing basis for Enterprise Security and SOAR?

Options:

A.

SSE

B.

ESCU

C.

Threat Hunting

D.

InfoSec

Buy Now
Questions 7

An analyst notices that one of their servers is sending an unusually large amount of traffic, gigabytes more than normal, to a single system on the Internet. There doesn’t seem to be any associated increase in incoming traffic.

What type of threat actor activity might this represent?

Options:

A.

Data exfiltration

B.

Network reconnaissance

C.

Data infiltration

D.

Lateral movement

Buy Now
Questions 8

Which of the following is not considered an Indicator of Compromise (IOC)?

Options:

A.

A specific domain that is utilized for phishing.

B.

A specific IP address used in a cyberattack.

C.

A specific file hash of a malicious executable.

D.

A specific password for a compromised account.

Buy Now
Questions 9

What goal of an Advanced Persistent Threat (APT) group aims to disrupt or damage on behalf of a cause?

Options:

A.

Hacktivism

B.

Cyber espionage

C.

Financial gain

D.

Prestige

Buy Now
Questions 10

A Cyber Threat Intelligence (CTI) team produces a report detailing a specific threat actor’s typical behaviors and intent. This would be an example of what type of intelligence?

Options:

A.

Operational

B.

Executive

C.

Tactical

D.

Strategic

Buy Now
Questions 11

A threat hunter executed a hunt based on the following hypothesis:

As an actor, I want to plant rundll32 for proxy execution of malicious code and leverage Cobalt Strike for Command and Control.

Relevant logs and artifacts such as Sysmon, netflow, IDS alerts, and EDR logs were searched, and the hunter is confident in the conclusion that Cobalt Strike is not present in the company’s environment.

Which of the following best describes the outcome of this threat hunt?

Options:

A.

The threat hunt was successful because the hypothesis was not proven.

B.

The threat hunt failed because the hypothesis was not proven.

C.

The threat hunt failed because no malicious activity was identified.

D.

The threat hunt was successful in providing strong evidence that the tactic and tool is not present in the environment.

Buy Now
Questions 12

Which field is automatically added to search results when assets are properly defined and enabled in Splunk Enterprise Security?

Options:

A.

asset_category

B.

src_ip

C.

src_category

D.

user

Buy Now
Questions 13

A Risk Notable Event has been triggered in Splunk Enterprise Security, an analyst investigates the alert, and determines it is a false positive. What metric would be used to define the time between alert creation and close of the event?

Options:

A.

MTTR (Mean Time to Respond)

B.

MTBF (Mean Time Between Failures)

C.

MTTA (Mean Time to Acknowledge)

D.

MTTD (Mean Time to Detect)

Buy Now
Questions 14

An analyst is investigating how an attacker successfully performs a brute-force attack to gain a foothold into an organizations systems. In the course of the investigation the analyst determines that the reason no alerts were generated is because the detection searches were configured to run against Windows data only and excluding any Linux data.

This is an example of what?

Options:

A.

A True Positive.

B.

A True Negative.

C.

A False Negative.

D.

A False Positive.

Buy Now
Questions 15

The following list contains examples of Tactics, Techniques, and Procedures (TTPs):

1. Exploiting a remote service

2. Lateral movement

3. Use EternalBlue to exploit a remote SMB server

In which order are they listed below?

Options:

A.

Tactic, Technique, Procedure

B.

Procedure, Technique, Tactic

C.

Technique, Tactic, Procedure

D.

Tactic, Procedure, Technique

Buy Now
Questions 16

The eval SPL expression supports many types of functions. Which of these function categories is not valid with eval?

Options:

A.

JSON functions

B.

Text functions

C.

Comparison and Conditional functions

D.

Threat functions

Buy Now
Questions 17

A successful Continuous Monitoring initiative involves the entire organization. When an analyst discovers the need for more context or additional information, perhaps from additional data sources or altered correlation rules, to what role would this request generally escalate?

Options:

A.

SOC Manager

B.

Security Analyst

C.

Security Engineer

D.

Security Architect

Buy Now
Questions 18

Which of the following is a tactic used by attackers, rather than a technique?

Options:

A.

Gathering information about a target.

B.

Establishing persistence with a scheduled task.

C.

Using a phishing email to gain initial access.

D.

Escalatingprivileges via UAC bypass.

Buy Now
Questions 19

Which of the following is a correct Splunk search that will return results in the most performant way?

Options:

A.

index=foo host=i-478619733 | stats range(_time) as duration by src_ip | bin duration span=5min | stats count by duration, host

B.

| stats range(_time) as duration by src_ip | index=foo host=i-478619733 | bin duration span=5min | stats count by duration, host

C.

index=foo host=i-478619733 | transaction src_ip |stats count by host

D.

index=foo | transaction src_ip |stats count by host | search host=i-478619733

Buy Now

Splunk |

Exam Code: SPLK-5001
Exam Name: Splunk Certified Cybersecurity Defense Analyst
Last Update: Dec 27, 2024
Questions: 66
SPLK-5001 pdf

SPLK-5001 PDF

$25.5  $84.99
SPLK-5001 Engine

SPLK-5001 Testing Engine

$30  $99.99
SPLK-5001 PDF + Engine

SPLK-5001 PDF + Testing Engine

$40.5  $134.99