Practice Free SPLK-5001 Exam Online Questions
Which method is used for deleting specific CIs that have not been discovered in 30 days?
- A . Scheduled Job
- B . UI Policy
- C . Service Mapping
- D . Data Policy
A
Explanation:
A scheduled job is a background process that runs at a specified time or interval to perform a specific task [1]. It is not a method for deleting specific CIs that are not discovered in 30 days. The other options are methods for deleting or updating CIs based on discovery data. A UI policy is a script that can dynamically change the behavior of a form or list [2]. A service mapping is a process that creates a map of the relationships between CIs that support a business service [3]. A data policy is a rule that enforces data consistency and accuracy by validating the data entered into a record.
References: [1] Scheduled Jobs; [2] UI Policies; [3] Service Mapping; Data Policies
Which of the following is not a component of the Splunk Security Content library (ESCU, SSE)?
- A . Dashboards
- B . Reports
- C . Correlation searches
- D . Validated architectures
According to Splunk CIM documentation, which field in the Authentication Data Model represents the user who initiated a privilege escalation?
- A . dest_user
- B . src_user_id
- C . src_user
- D . username
What goal of an Advanced Persistent Threat (APT) group aims to disrupt or damage on behalf of a cause?
- A . Hacktivism
- B . Cyber espionage
- C . Financial gain
- D . Prestige
What feature of Splunk Security Essentials (SSE) allows an analyst to see a listing of current on-boarded data sources in Splunk so they can view content based on available data?
- A . Security Data Journey
- B . Security Content
- C . Data Inventory
- D . Data Source Onboarding Guides
While the top command is utilized to find the most common values contained within a field, a Cyber Defense Analyst hunts for anomalies.
Which of the following Splunk commands returns the least common values?
- A . least
- B . uncommon
- C . rare
- D . base
What is the main difference between hypothesis-driven and data-driven Threat Hunting?
- A . Data-driven hunts always require more data to search through than hypothesis-driven hunts.
- B . Data-driven hunting tries to uncover activity within an existing data set, hypothesis-driven hunting begins with a potential activity that the hunter thinks may be happening.
- C . Hypothesis-driven hunts are typically executed on newly ingested data sources, while data-driven hunts are not.
- D . Hypothesis-driven hunting tries to uncover activity within an existing data set, data-driven hunting begins with an activity that the hunter thinks may be happening.
An analyst investigates an IDS alert and confirms suspicious traffic to a known malicious IP.
What Enterprise Security data model would they use to investigate which process initiated the network connection?
- A . Endpoint
- B . Authentication
- C . Network traffic
- D . Web
What Splunk feature would enable enriching public IP addresses with ASN and owner information?
- A . Using rex to extract this information at search time.
- B . Using lookup to include relevant information.
- C . Using eval commands to calculate the ASN.
- D . Using makeresults to add the ASNs to the search.