Question 1

Which dashboard in Enterprise Security would an analyst use to generate a report on users who are currently on a watchlist?

Options :

A : Access Tracker

B : Identity Tracker

C : Access Center

D : Identity Center

Answer: D

Question 2

What does the term "Notable Event" refer to in Splunk Enterprise Security?

Options :

A : A significant security event that requires investigation or action

B : An event that triggers a security alert but is not actionable

C : An ordinary event with no security implications

D : An event that is automatically resolved by the system

Answer: A

Question 3

What are common tiers of Threat Intelligence?

Options :

A : Tactical

B : Technical

C : Operational

D : Strategic

E : Analytical

F : Tactical

Answer: C,D,F

Question 4

What does the term "ransomware" refer to?

Options :

A : Malware that steals personal information

B : Malware that destroys system files

C : Malware that encrypts files and demands payment for decryption

D : Malware that spreads through social media

Answer: C

Question 5

During their shift, an analyst receives an alert about an executable being run from C:\Windows\Temp. Why should this be investigated further?

Options :

A :

Temp directories aren't owned by any particular user, making it difficult to track the process owner when files are executed

B :

Temp directories are flagged as non-executable, meaning that no files stored within can be executed, and this executable was run from that directory.

C :

Temp directories contain the system page file and the virtual memory file, meaning the attacker can use their malware to read the in memory values of running programs.

D :

Temp directories are world writable thus allowing attackers a place to drop, stage, and execute malware on a system without needing to worry about file permissions.

Answer: D

Free SPLK-5001 Mock Exam – Practice Online Confidently

Buying Options: