
SPLK-5001練習テスト問題解答には更新された68問があります
SPLK-5001問題集はCybersecurity Defense Analyst合格確定させる練習で68問があります
Splunk SPLK-5001 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
質問 # 38
An analyst is attempting to investigate a Notable Event within Enterprise Security. Through the course of their investigation they determined that the logs and artifacts needed to investigate the alert are not available.
What event disposition should the analyst assign to the Notable Event?
- A. False Negative, since there are no logs to prove the activity actually occurred.
- B. True Positive, since there are no logs to prove that the event did not occur.
- C. Other, since a security engineer needs to ingest the required logs.
- D. Benign Positive, since there was no evidence that the event actually occurred.
正解:C
質問 # 39
An analyst is investigating how an attacker successfully performs a brute-force attack to gain a foothold into an organizations systems. In the course of the investigation the analyst determines that the reason no alerts were generated is because the detection searches were configured to run against Windows data only and excluding any Linux data.
This is an example of what?
- A. A False Positive.
- B. A True Positive.
- C. A False Negative.
- D. A True Negative.
正解:C
質問 # 40
When threat hunting for outliers in Splunk, which of the following SPL pipelines would filter for users with over a thousand occurrences?
- A. | top user
- B. | sort by user | where count > 1000
- C. | stats count(user) | sort - count | where count > 1000
- D. | stats count by user | where count > 1000 | sort - count
正解:D
質問 # 41
While testing the dynamic removal of credit card numbers, an analyst lands on using the rex command. What mode needs to be set to in order to replace the defined values with X?
| makeresults
| eval ccnumber="511388720478619733"
| rex field=ccnumber mode=??? "s/(\d{4}-){3)/XXXX-XXXX-XXXX-/g"
Please assume that the above rex command is correctly written.
- A. substitute
- B. sed
- C. replace
- D. mask
正解:B
質問 # 42
An analyst is examining the logs for a web application's login form. They see thousands of failed logon attempts using various usernames and passwords. Internet research indicates that these credentials may have been compiled by combining account information from several recent data breaches.
Which type of attack would this be an example of?
- A. Credential sniffing
- B. Password cracking
- C. Password spraying
- D. Credential stuffing
正解:D
質問 # 43
There are many resources for assisting with SPL and configuration questions. Which of the following resources feature community-sourced answers?
- A. Splunk Lantern
- B. Splunk Documentation
- C. Splunk Guidebook
- D. Splunk Answers
正解:D
質問 # 44
Which pre-packaged app delivers security content and detections on a regular, ongoing basis for Enterprise Security and SOAR?
- A. ESCU
- B. InfoSec
- C. SSE
- D. Threat Hunting
正解:A
質問 # 45
The United States Department of Defense (DoD) requires all government contractors to provide adequate security safeguards referenced in National Institute of Standards and Technology (NIST) 800-171. All DoD contractors must continually reassess, monitor, and track compliance to be able to do business with the US government.
Which feature of Splunk Enterprise Security provides an analyst context for the correlation search mapping to the specific NIST guidelines?
- A. Moles
- B. Framework mapping
- C. Comments
- D. Annotations
正解:B
質問 # 46
Which of the following is a best practice when creating performant searches within Splunk?
- A. Utilize Aggregating commands to ensure all data is available prior to Streaming commands.
- B. Utilize specific fields to return only the data that is required.
- C. Utilize the transaction command to aggregate data for faster analysis.
- D. Utilize multiple wildcards across fields to ensure returned data is complete and available.
正解:B
質問 # 47
According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?
- A. TTPs
- B. NetworM-lost artifacts
- C. Domain names
- D. Hash values
正解:D
質問 # 48
After discovering some events that were missed in an initial investigation, an analyst determines this is because some events have an empty src field. Instead, the required data is often captured in another field called machine_name.
What SPL could they use to find all relevant events across either field until the field extraction is fixed?
- A. | eval src = src . machine_name
- B. | eval src = coalesce(src,machine_name)
- C. | eval src = src + machine_name
- D. | eval src = tostring(machine_name)
正解:B
質問 # 49
Which of the following is the primary benefit of using the CIM in Splunk?
- A. It automatically detects and blocks cyber threats.
- B. It improves the performance of search queries on raw data.
- C. It enables the use of advanced machine learning algorithms.
- D. It allows for easier correlation of data from different sources.
正解:D
質問 # 50
Which of the following is considered Personal Data under GDPR?
- A. The birth date of an unidentified user.
- B. An individual's address including their first and last name.
- C. A company's registration number.
- D. The name of a deceased individual.
正解:B
質問 # 51
Which of the following is a correct Splunk search that will return results in the most performant way?
- A. index=foo host=i-478619733 | stats range(_time) as duration by src_ip | bin duration span=5min | stats count by duration, host
- B. index=foo | transaction src_ip |stats count by host | search host=i-478619733
- C. index=foo host=i-478619733 | transaction src_ip |stats count by host
- D. | stats range(_time) as duration by src_ip | index=foo host=i-478619733 | bin duration span=5min | stats count by duration, host
正解:A
質問 # 52
Which of the following is a best practice for searching in Splunk?
- A. Raw word searches should contain multiple wildcards to ensure all edge cases are covered.
- B. Streaming commands run before aggregating commands in the Search pipeline.
- C. Limit fields returned from the search utilizing the cable command.
- D. Searching over All Time ensures that all relevant data is returned.
正解:C
質問 # 53
While the top command is utilized to find the most common values contained within a field, a Cyber Defense Analyst hunts for anomalies. Which of the following Splunk commands returns the least common values?
- A. rare
- B. uncommon
- C. least
- D. base
正解:A
質問 # 54
An analyst is not sure that all of the potential data sources at her company are being correctly or completely utilized by Splunk and Enterprise Security. Which of the following might she suggest using, in order to perform an analysis of the data types available and some of their potential security uses?
- A. Security Essentials
- B. Splunk Intelligence Management
- C. SOAR
- D. Splunk ITSI
正解:A
質問 # 55
An organization is using Risk-Based Alerting (RBA). During the past few days, a user account generated multiple risk observations. Splunk refers to this account as what type of entity?
- A. Risk Object
- B. Risk Factor
- C. Risk Index
- D. Risk Analysis
正解:C
質問 # 56
A threat hunter executed a hunt based on the following hypothesis:
As an actor, I want to plant rundll32 for proxy execution of malicious code and leverage Cobalt Strike for Command and Control.
Relevant logs and artifacts such as Sysmon, netflow, IDS alerts, and EDR logs were searched, and the hunter is confident in the conclusion that Cobalt Strike is not present in the company's environment.
Which of the following best describes the outcome of this threat hunt?
- A. The threat hunt failed because no malicious activity was identified.
- B. The threat hunt failed because the hypothesis was not proven.
- C. The threat hunt was successful in providing strong evidence that the tactic and tool is not present in the environment.
- D. The threat hunt was successful because the hypothesis was not proven.
正解:C
質問 # 57
Which of the following Splunk Enterprise Security features allows industry frameworks such as CIS Critical Security Controls, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain to be mapped to Correlation Search results?
- A. Annotations
- B. Playbooks
- C. Comments
- D. Enrichments
正解:A
質問 # 58
......
最新SPLK-5001試験問題にはリアルなSPLK-5001問題集があります:https://jp.fast2test.com/SPLK-5001-premium-file.html
最新SPLK-5001認証有効な試験問題集解答を試そう!:https://drive.google.com/open?id=1jESfWSjrzc9azKb5RudheXxW5yOH-Ko5