Question 1

Which of the following is a best practice for searching in Splunk?

Options :

A : Streaming commands run before aggregating commands in the Search pipeline.

B : Raw word searches should contain multiple wildcards to ensure all edge cases are covered.

C : Limit fields returned from the search utilizing the cable command.

D : Searching over All Time ensures that all relevant data is returned.

Answer: A

Question 2

Which component of Splunk Enterprise Security is responsible for normalizing data into a common format?

Options :

A : Reports

B : Indexes

C : CIM (Common Information Model)

D : Data Models

Answer: C

Question 3

A threat hunter generates a report containing the list of users who have logged in to a particular database during the last 6 months, along with the number of times they have each authenticated. They sort this list and remove any user names who have logged in more than 6 times. The remaining names represent the users who rarely log in, as their activity is more suspicious. The hunter examines each of these rare logins in detail. This is an example of what type of threat-hunting technique?

Options :

A : Least Frequency of Occurrence Analysis

B : Co-Occurrence Analysis

C : Time Series Analysis

D : Outlier Frequency Analysis

Answer: A

Question 4

What do tactics, techniques, and procedures (TTPs) refer to in the cybersecurity industry?

Options :

A : Legal regulations governing data privacy

B : Methods used by threat actors to achieve their objectives

C : Security controls implemented by organizations

D : Common vulnerabilities in software

Answer: B

Question 5

What are common types of cyber defense systems used for threat analysis?

Options :

A : Intrusion Detection Systems (IDS)

B : Antivirus software

C : Security Information and Event Management (SIEM)

D : Endpoint Detection and Response (EDR)

Answer: A,C,D

Free SPLK-5001 Mock Exam – Practice Online Confidently

Buying Options: