Splunk SPLK-5001 Exam Practice Test Instant Access

Question 1

What is the main difference between a DDoS and a DoS attack?

AA DDoS attack is a type of physical attack, while a DoS attack is a type of cyberattack.

BA DDoS attack uses a single source to target a single system, while a DoS attack uses multiple sources to target multiple systems.

CA DDoS attack uses multiple sources to target a single system, while a DoS attack uses a single source to target a single or multiple systems.

DA DDoS attack uses a single source to target multiple systems, while a DoS attack uses multiple sources to target a single system.

Answer : C

Question 2

What is the main difference between hypothesis-driven and data-driven Threat Hunting?

AData-driven hunts always require more data to search through than hypothesis-driven hunts.

BData-driven hunting tries to uncover activity within an existing data set, hypothesis-driven hunting begins with a potential activity that the hunter thinks may be happening.

CHypothesis-driven hunts are typically executed on newly ingested data sources, while data-driven hunts are not.

DHypothesis-driven hunting tries to uncover activity within an existing data set, data-driven hunting begins with an activity that the hunter thinks may be happening.

Answer : B

Question 3

A threat hunter generates a report containing the list of users who have logged in to a particular database during the last 6 months, along with the number of times they have each authenticated. They sort this list and remove any user names who have logged in more than 6 times. The remaining names represent the users who rarely log in, as their activity is more suspicious. The hunter examines each of these rare logins in detail.

This is an example of what type of threat-hunting technique?

ALeast Frequency of Occurrence Analysis

BCo-Occurrence Analysis

CTime Series Analysis

DOutlier Frequency Analysis

Answer : A

Question 4

The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?

AMalware

BAlerts

CVulnerabilities

DEndpoint

Answer : D

Question 5

An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?

Aindex=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts

Bindex=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts

Cindex=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts

Dindex=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts

Answer : C

Question 6

A successful Continuous Monitoring initiative involves the entire organization. When an analyst discovers the need for more context or additional information, perhaps from additional data sources or altered correlation rules, to what role would this request generally escalate?

ASOC Manager

BSecurity Analyst

CSecurity Engineer

DSecurity Architect

Answer : C

Question 7

There are many resources for assisting with SPL and configuration questions. Which of the following resources feature community-sourced answers?

ASplunk Answers

BSplunk Lantern

CSplunk Guidebook

DSplunk Documentation

Answer : A

Splunk SPLK-5001 Splunk Certified Cybersecurity Defense Analyst Exam Practice Test