SPLK-5001試験無料問題集（102題）「Splunk Certified Cybersecurity Defense Analyst 認定」

出題：1

Which of the following data sources can be used to discover unusual communication within an organization's network?

A. Net Flow

B. IAM

C. EDS

D. Email

正解：A 解答を投票する

出題：2

As an analyst, tracking unique users is a common occurrence. The Security Operations Center (SOC) manager requested a search with results in a table format to track the cumulative downloads by distinct IP address. Which example calculates the running total of distinct users over time?

A. eventtype="download" | bin_time span=1d | stats values(clientip) as ipa dc(clientip) by _time

B. eventtype="download" | bin_time span=1d | stats values(clientip) as ipa dc(clientip) by _time | streamstats dc(ipa) as "Cumulative total"

C. eventtype="download" | bin_time span=1d | stats values(clientip) as ipa dc(clientip) by user | table _time ipa

D. eventtype="download" | bin_time span=1d | table clientip _time user

正解：B 解答を投票する

出題：3

Which of the following is considered Personal Data under GDPR?

A. An individual's address including their first and last name.

B. A company's registration number.

C. The name of a deceased individual.

D. The birth date of an unidentified user.

正解：A 解答を投票する

出題：4

When searching in Splunk, which of the following SPL commands can be used to run a subsearch across every field in a wildcard field list?

A. makeresults

B. transaction

C. rex

D. foreach

正解：D 解答を投票する

出題：5

A Cyber Threat Intelligence (CTI) team produces a report detailing a specific threat actor's typical behaviors and intent. This would be an example of what type of intelligence?

A. Tactical

B. Strategic

C. Executive

D. Operational

正解：A 解答を投票する

出題：6

The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?

A. Endpoint

B. Alerts

C. Vulnerabilities

D. Malware

正解：A 解答を投票する

出題：7

Which of the following is not considered a type of default metadata in Splunk?

A. Source of data

B. Event description

C. Host name

D. Timestamps

正解：B 解答を投票する

出題：8

The Lockheed Martin Cyber Kill Chain breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?

A. Delivery

B. Act on Objectives

C. Exploitation

D. Installation

正解：D 解答を投票する

出題：9

Refer to the exibit.

An analyst is building a search to examine Windows XML Event Logs, but the initial search is not returning any extracted fields. Based on the above image, what is themost likelycause?

A. The analyst is searching newly indexed data that was improperly parsed.

B. The analyst did not add the excract command to their search pipeline.

C. The analyst does not have the proper role to search this data.

D. The analyst is not in the Drooer Search Mode and should switch to Smart or Verbose.

正解：D 解答を投票する

出題：10

An analyst is attempting to investigate a Notable Event within Enterprise Security. Through the course of their investigation they determined that the logs and artifacts needed to investigate the alert are not available.
What event disposition should the analyst assign to the Notable Event?

A. Benign Positive, since there was no evidence that the event actually occurred.

B. Other, since a security engineer needs to ingest the required logs.

C. False Negative, since there are no logs to prove the activity actually occurred.

D. True Positive, since there are no logs to prove that the event did not occur.

正解：B 解答を投票する

SPLK-5001試験無料問題集「Splunk Certified Cybersecurity Defense Analyst 認定」