Practice Free SPLK-5001 Exam Online Questions
Which field is automatically added to search results when assets are properly defined and enabled in Splunk Enterprise Security?
- A . asset_category
- B . src_ip
- C . src_category
- D . user
Which of the following use cases is best suited to be a Splunk SOAR Playbook?
- A . Forming hypothesis for Threat Hunting.
- B . Taking containment action on a compromised host.
- C . Creating persistent field extractions.
- D . Visualizing complex datasets.
During their shift, an analyst receives an alert about an executable being run from C:\Windows\Temp.
Why should this be investigated further?
- A . Temp directories aren’t owned by any particular user, making it difficult to track the process owner when files are executed.
- B . Temp directories are flagged as non-executable, meaning that no files stored within can be executed, and this executable was run from that directory.
- C . Temp directories contain the system page file and the virtual memory file, meaning the attacker can use their malware to read the in-memory values of running programs.
- D . Temp directories are world writable thus allowing attackers a place to drop, stage, and execute malware on a system without needing to worry about file permissions.
Which pre-packaged app delivers security content and detections on a regular, ongoing basis for Enterprise Security and SOAR?
- A . SSE
- B . ESCU
- C . Threat Hunting
- D . InfoSec
Tactics, Techniques, and Procedures (TTPs) are methods or behaviors utilized by attackers.
In which framework are these categorized?
- A . NIST 800-53
- B . ISO 27000
- C . CIS18
- D . MITRE ATT&CK
Enterprise Security has been configured to generate a Notable Event when a user has quickly authenticated from multiple locations between which travel would be impossible.
This would be considered what kind of an anomaly?
- A . Access Anomaly
- B . Identity Anomaly
- C . Endpoint Anomaly
- D . Threat Anomaly
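The impossible-travel condition described in the question can be checked outside Enterprise Security as well. The following is an added example, not part of the original page and not Splunk's own correlation search: it pairs each user's successive authentications from different source IPs, computes the great-circle distance between the two geolocations, and flags the pair when the implied speed exceeds a plausible maximum. The events, coordinates and the 900 km/h threshold are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Assumed upper bound on plausible travel speed (roughly airliner cruise speed).
MAX_SPEED_KMH = 900.0


@dataclass
class AuthEvent:
    user: str
    time: datetime
    src_ip: str
    lat: float
    lon: float
    city: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points (haversine formula)."""
    r = 6371.0  # mean Earth radius in km
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * r * asin(sqrt(a))


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, previous_event, event, speed_kmh) for each consecutive pair of
    authentications by the same user, from different source IPs, whose implied
    speed exceeds max_speed_kmh."""
    findings = []
    last_seen = {}
    for ev in sorted(events, key=lambda e: e.time):
        prev = last_seen.get(ev.user)
        if prev is not None and prev.src_ip != ev.src_ip:
            dist_km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.time - prev.time).total_seconds() / 3600.0
            # Zero elapsed time with non-zero distance is the extreme case: flag it.
            speed = dist_km / hours if hours > 0 else float("inf")
            if dist_km > 0 and speed > max_speed_kmh:
                findings.append((ev.user, prev, ev, speed))
        last_seen[ev.user] = ev
    return findings


def _t(hhmm):
    return datetime(2024, 1, 15, *map(int, hhmm.split(":")), tzinfo=timezone.utc)


# Constructed sample authentications (not real data).
SAMPLE_EVENTS = [
    AuthEvent("alice", _t("09:00"), "203.0.113.10", 40.7128, -74.0060, "New York"),
    AuthEvent("alice", _t("09:45"), "198.51.100.7", 35.6762, 139.6503, "Tokyo"),
    AuthEvent("bob", _t("08:00"), "203.0.113.55", 51.5074, -0.1278, "London"),
    AuthEvent("bob", _t("10:00"), "198.51.100.23", 48.8566, 2.3522, "Paris"),
    AuthEvent("carol", _t("11:00"), "203.0.113.90", 37.7749, -122.4194, "San Francisco"),
    AuthEvent("carol", _t("11:05"), "203.0.113.90", 37.7749, -122.4194, "San Francisco"),
]

if __name__ == "__main__":
    for user, prev, cur, speed in impossible_travel(SAMPLE_EVENTS):
        print(f"{user}: {prev.city} -> {cur.city} in "
              f"{(cur.time - prev.time).seconds // 60} min ({speed:,.0f} km/h)")
```

Only alice is flagged: New York to Tokyo is roughly 10,850 km, and 45 minutes between logins implies well over 10,000 km/h. bob's London-to-Paris pair (about 344 km in two hours) and carol's repeat login from the same IP are not anomalous. A production version would take the geolocation from an IP enrichment source and suppress known VPN egress ranges, which is where most false positives for this detection come from.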
Which of the following compliance frameworks was specifically created to measure the level of cybersecurity maturity within an organization?
- A . PCI-DSS
- B . GDPR
- C . CMMC
- D . FISMA
When the victim opens this document, a C2 channel is established to the attacker’s temporary infrastructure on a compromised website.
- A . Tactic
- B . Policy
- C . Procedure
- D . Technique
When threat hunting for outliers in Splunk, which of the following SPL pipelines would filter for users with over a thousand occurrences?
- A . | sort by user | where count > 1000
- B . | stats count by user | where count > 1000 | sort - count
- C . | top user
- D . | stats count(user) | sort - count | where count > 1000
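The difference between options B and D is easy to see by emulating the SPL semantics over a small event set. The following is an added example written for this page, not Splunk code: each function models one SPL command under the stated assumptions (`stats count by user` yields one row per user with a `count` field; `stats count(user)` yields a single row whose only field is `count(user)`; `where` drops rows in which the referenced field is absent). The event set is constructed.

```python
from collections import Counter


def make_events():
    """Constructed authentication events with a 'user' field (not real data)."""
    per_user = {"svc_backup": 1500, "alice": 1200, "bob": 40, "carol": 3}
    events = []
    for user, n in per_user.items():
        for i in range(n):
            events.append({"user": user, "action": "success", "src": f"10.0.{i % 256}.{i % 50}"})
    return events


def stats_count_by(events, field):
    """| stats count by <field> : one row per distinct value, with a 'count' field."""
    counts = Counter(ev[field] for ev in events if field in ev)
    return [{field: value, "count": n} for value, n in counts.items()]


def stats_count_of(events, field):
    """| stats count(<field>) : a single row counting events where <field> exists."""
    n = sum(1 for ev in events if field in ev)
    return [{f"count({field})": n}]


def where_gt(rows, field, threshold):
    """| where <field> > <threshold> : a row lacking <field> evaluates false and is dropped."""
    return [row for row in rows if field in row and row[field] > threshold]


def sort_desc(rows, field):
    """| sort - <field> : descending order on <field>."""
    return sorted(rows, key=lambda row: row.get(field, 0), reverse=True)


def option_b(events):
    """| stats count by user | where count > 1000 | sort - count"""
    rows = stats_count_by(events, "user")
    rows = where_gt(rows, "count", 1000)
    return sort_desc(rows, "count")


def option_d(events):
    """| stats count(user) | sort - count | where count > 1000"""
    rows = stats_count_of(events, "user")
    rows = sort_desc(rows, "count")
    return where_gt(rows, "count", 1000)


if __name__ == "__main__":
    events = make_events()
    print("option B:", option_b(events))
    print("option D:", option_d(events))
```

Option B produces `svc_backup` (1500) and `alice` (1200), the two outliers, in descending order. Option D collapses everything into one row, `count(user)=2743`, with no per-user breakdown and no field named `count`, so the final `where` matches nothing and the search returns no results. Option A fails for the same reason: without a preceding `stats`, there is no `count` field to filter on.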