Splunk Certified Cybersecurity Defense Analyst SPLK-5001 Exam Practice Test

Page: 1 / 14
Total 99 questions
Question 1

Which of the following data sources would be most useful to determine if a user visited a recently identified malicious website?



Answer : B


Question 2

What is the first phase of the Continuous Monitoring cycle?



Answer : B


Question 3

A Risk Notable Event has been triggered in Splunk Enterprise Security, an analyst investigates the alert, and determines it is a false positive. What metric would be used to define the time between alert creation and close of the event?



Answer : A


Question 4

Splunk SOAR uses what feature to automate security workflows so that analysts can spend more time performing analysis and investigation?



Answer : D


Question 5

An analyst is not sure that all of the potential data sources at her company are being correctly or completely utilized by Splunk and Enterprise Security. Which of the following might she suggest using, in order to perform an analysis of the data types available and some of their potential security uses?



Answer : B


Question 6

An analyst discovers malicious software present within the network. When tracing the origin of the software, the analyst discovers it is actually a part of a third-party vendor application that is used regularly by the organization. This is an example of what kind of threat?



Answer : B


Question 7

In which phase of the Continuous Monitoring cycle are suggestions and improvements typically made?



Answer : C

