Question 1

The Lockheed Martin Cyber Kill Chain® breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?

Options :

A : Act on Objectives

B : Exploitation

C : Delivery

D : Installation

Answer: D

Question 2

Which metric measures the average time it takes to identify and respond to security incidents?

Options :

A : Dwell Time

B : Mean Time to Detect (MTTD)

C : Mean Time to Resolution (MTTR)

D : Mean Time to Respond (MTTR)

Answer: A

Question 3

A Risk Rule generates events on Suspicious Cloud Share Activity and regularly contributes to confirmed incidents from Risk Notables. An analyst realizes the raw logs these events are generated from contain information which helps them determine what might be malicious. What should they ask their engineer for to make their analysis easier?

Options :

A : Create a field extraction for this information.

B : Add this information to the risk message.

C : Create another detection for this information.

D : Allowlist more events based on this information.

Answer: A

Question 4

Which of the following use cases is best suited to be a Splunk SOAR Playbook?

Options :

A : Forming hypothesis for Threat Hunting

B : Visualizing complex datasets.

C : Creating persistent field extractions.

D : Taking containment action on a compromised host

Answer: D

Question 5

What does the term "Notable Event" refer to in Splunk Enterprise Security?

Options :

A : A significant security event that requires investigation or action

B : An event that triggers a security alert but is not actionable

C : An ordinary event with no security implications

D : An event that is automatically resolved by the system

Answer: A

Free SPLK-5001 Mock Exam – Practice Online Confidently

Buying Options: