Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Splunk® SPLK-5001

Splunk® SPLK-5001 Exam Practice Questions (P. 2)

  • Full Access (111 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #6
An analyst notices that one of their servers is sending an unusually large amount of traffic, gigabytes more than normal, to a single system on the Internet. There doesn’t seem to be any associated increase in incoming traffic.
What type of threat actor activity might this represent?
  1. A
    Data exfiltration
  2. B
    Network reconnaissance
  3. C
    Data infiltration
  4. D
    Lateral movement

Correct Answer: A ?️

Question #7
In which phase of the Continuous Monitoring cycle are suggestions and improvements typically made?
  1. A
    Define and Predict
  2. B
    Establish and Architect
  3. C
    Analyze and Report
  4. D
    Implement and Collect

Correct Answer: C ?️

Question #8
An analyst is not sure that all of the potential data sources at her company are being correctly or completely utilized by Splunk and Enterprise Security. Which of the following might she suggest using, in order to perform an analysis of the data types available and some of their potential security uses?
  1. A
    Splunk ITSI
  2. B
    Splunk Security Essentials
  3. C
    Splunk SOAR
  4. D
    Splunk Intelligence Management

Correct Answer: B ?️

Question #9
During their shift, an analyst receives an alert about an executable being run from C:\Windows\Temp. Why should this be investigated further?
  1. A
    Temp directories aren’t owned by any particular user, making it difficult to track the process owner when files are executed.
  2. B
    Temp directories are flagged as non-executable, meaning that no files stored within can be executed, and this executable was run from that directory.
  3. C
    Temp directories contain the system page file and the virtual memory file, meaning the attacker can use their malware to read the in memory values of running programs.
  4. D
    Temp directories are world writable thus allowing attackers a place to drop, stage, and execute malware on a system without needing to worry about file permissions.

Correct Answer: D ?️

Question #10
An analyst would like to visualize threat objects across their environment and chronological risk events for a Risk Object in Incident Review. Where would they find this?
  1. A
    Running the Risk Analysis Adaptive Response action within the Notable Event.
  2. B
    Via a workflow action for the Risk Investigation dashboard.
  3. C
    Via the Risk Analysis dashboard under the Security Intelligence tab in Enterprise Security.
  4. D
    Clicking the risk event count to open the Risk Event Timeline.

Correct Answer: D ?️

Previous Questions Next Questions

All Pages