Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

SPLK-5001 Splunk Certified Cybersecurity Defense Analyst Questions and Answers

Questions 4

An analyst would like to visualize threat objects across their environment and chronological risk events for a Risk Object in Incident Review. Where would they find this?

Options:

A.

Running the Risk Analysis Adaptive Response action within the Notable Event.

B.

Via a workflow action for the Risk Investigation dashboard.

C.

Via the Risk Analysis dashboard under the Security Intelligence tab in Enterprise Security.

D.

Clicking the risk event count to open the Risk Event Timeline.

Buy Now
Questions 5

An analyst is looking at Web Server logs, and sees the following entry as the last web request that a server processed before unexpectedly shutting down:

147.186.119.107 - - [28/Jul/2006:10:27:10 -0300] "POST /cgi-bin/shutdown/ HTTP/1.0" 200 3333

What kind of attack is most likely occurring?

Options:

A.

Distributed denial of service attack.

B.

Denial of service attack.

C.

Database injection attack.

D.

Cross-Site scripting attack.

Buy Now
Questions 6

A Risk Rule generates events on Suspicious Cloud Share Activity and regularly contributes to confirmed incidents from Risk Notables. An analyst realizes the raw logs these events are generated from contain information which helps them determine what might be malicious.

What should they ask their engineer for to make their analysis easier?

Options:

A.

Create a field extraction for this information.

B.

Add this information to the risk message.

C.

Create another detection for this information.

D.

Allowlist more events based on this information.

Buy Now
Questions 7

A Cyber Threat Intelligence (CTI) team produces a report detailing a specific threat actor’s typical behaviors and intent. This would be an example of what type of intelligence?

Options:

A.

Operational

B.

Executive

C.

Tactical

D.

Strategic

Buy Now
Questions 8

An organization is using Risk-Based Alerting (RBA). During the past few days, a user account generated multiple risk observations. Splunk refers to this account as what type of entity?

Options:

A.

Risk Factor

B.

Risk Index

C.

Risk Analysis

D.

Risk Object

Buy Now
Questions 9

There are many resources for assisting with SPL and configuration questions. Which of the following resources feature community-sourced answers?

Options:

A.

Splunk Answers

B.

Splunk Lantern

C.

Splunk Guidebook

D.

Splunk Documentation

Buy Now
Questions 10

A Cyber Threat Intelligence (CTI) team delivers a briefing to the CISO detailing their view of the threat landscape the organization faces. This is an example of what type of Threat Intelligence?

Options:

A.

Tactical

B.

Strategic

C.

Operational

D.

Executive

Buy Now
Questions 11

An IDS signature is designed to detect and alert on logins to a certain server, but only if they occur from 6:00 PM - 6:00 AM. If no IDS alerts occur in this window, but the signature is known to be correct, this would be an example of what?

Options:

A.

A True Negative.

B.

A True Positive.

C.

A False Negative.

D.

A False Positive.

Buy Now
Questions 12

After discovering some events that were missed in an initial investigation, an analyst determines this is because some events have an empty src field. Instead, the required data is often captured in another field called machine_name.

What SPL could they use to find all relevant events across either field until the field extraction is fixed?

Options:

A.

| eval src = coalesce(src,machine_name)

B.

| eval src = src + machine_name

C.

| eval src = src . machine_name

D.

| eval src = tostring(machine_name)

Buy Now
Questions 13

What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?

Options:

A.

Host-based firewall

B.

Web proxy

C.

Endpoint Detection and Response

D.

Intrusion Detection System

Buy Now
Questions 14

Tactics, Techniques, and Procedures (TTPs) are methods or behaviors utilized by attackers. In which framework are these categorized?

Options:

A.

NIST 800-53

B.

ISO 27000

C.

CIS18

D.

MITRE ATT&CK

Buy Now
Questions 15

What is the main difference between a DDoS and a DoS attack?

Options:

A.

A DDoS attack is a type of physical attack, while a DoS attack is a type of cyberattack.

B.

A DDoS attack uses a single source to target a single system, while a DoS attack uses multiple sources to target multiple systems.

C.

A DDoS attack uses multiple sources to target a single system, while a DoS attack uses a single source to target a single or multiple systems.

D.

A DDoS attack uses a single source to target multiple systems, while a DoS attack uses multiple sources to target a single system.

Buy Now
Questions 16

An analyst is investigating how an attacker successfully performs a brute-force attack to gain a foothold into an organizations systems. In the course of the investigation the analyst determines that the reason no alerts were generated is because the detection searches were configured to run against Windows data only and excluding any Linux data.

This is an example of what?

Options:

A.

A True Positive.

B.

A True Negative.

C.

A False Negative.

D.

A False Positive.

Buy Now
Questions 17

According to Splunk CIM documentation, which field in the Authentication Data Model represents the user who initiated a privilege escalation?

Options:

A.

username

B.

src_user_id

C.

src_user

D.

dest_user

Buy Now
Questions 18

An analyst needs to create a new field at search time. Which Splunk command will dynamically extract additional fields as part of a Search pipeline?

Options:

A.

rex

B.

fields

C.

regex

D.

eval

Buy Now
Questions 19

Which of the following use cases is best suited to be a Splunk SOAR Playbook?

Options:

A.

Forming hypothesis for Threat Hunting

B.

Visualizing complex datasets.

C.

Creating persistent field extractions.

D.

Taking containment action on a compromised host

Buy Now
Exam Code: SPLK-5001
Exam Name: Splunk Certified Cybersecurity Defense Analyst
Last Update: Dec 4, 2024
Questions: 66

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now SPLK-5001 testing engine

PDF (Q&A)

$36.75  $104.99
buy now SPLK-5001 pdf