SPLK-5001試験無料問題集（68題）「Splunk Certified Cybersecurity Defense Analyst 認定」

出題：1

A Cyber Threat Intelligence (CTI) team produces a report detailing a specific threat actor's typical behaviors and intent. This would be an example of what type of intelligence?

A. Tactical

B. Strategic

C. Executive

D. Operational

正解：B 解答を投票する

出題：2

Which of the following is a best practice for searching in Splunk?

A. Searching over All Time ensures that all relevant data is returned.

B. Limit fields returned from the search utilizing the cable command.

C. Raw word searches should contain multiple wildcards to ensure all edge cases are covered.

D. Streaming commands run before aggregating commands in the Search pipeline.

正解：B 解答を投票する

出題：3

A Risk Notable Event has been triggered in Splunk Enterprise Security, an analyst investigates the alert, and determines it is a false positive. What metric would be used to define the time between alert creation and close of the event?

A. MTTR (Mean Time to Respond)

B. MTBF (Mean Time Between Failures)

C. MTTA (Mean Time to Acknowledge)

D. MTTD (Mean Time to Detect)

正解：A 解答を投票する

出題：4

An analyst is investigating a network alert for suspected lateral movement from one Windows host to another Windows host. According to Splunk CIM documentation, the IP address of the host from which the attacker is moving would be in which field?

A. dest

B. src_ip

C. src_nt_host

D. host

正解：B 解答を投票する

出題：5

There are many resources for assisting with SPL and configuration questions. Which of the following resources feature community-sourced answers?

A. Splunk Answers

B. Splunk Lantern

C. Splunk Documentation

D. Splunk Guidebook

正解：A 解答を投票する

出題：6

Which Enterprise Security framework provides a mechanism for running preconfigured actions within the Splunk platform or integrating with external applications?

A. Notable Event

B. Asset and Identity

C. Threat Intelligence

D. Adaptive Response

正解：D 解答を投票する

出題：7

Which field is automatically added to search results when assets are properly defined and enabled in Splunk Enterprise Security?

A. user

B. src_ip

C. asset_category

D. src_category

正解：D 解答を投票する

SPLK-5001試験無料問題集「Splunk Certified Cybersecurity Defense Analyst 認定」