Splunk SPLK-5001 Splunk Certified Cybersecurity Defense Analyst Exam Practice Test

Page: 1 / 14
Total 66 questions
Question 1

An analyst is looking at Web Server logs, and sees the following entry as the last web request that a server processed before unexpectedly shutting down:

147.186.119.107 - - [28/Jul/2006:10:27:10 -0300] "POST /cgi-bin/shutdown/ HTTP/1.0" 200 3333

What kind of attack is most likely occurring?



Answer : B


Question 2

An analyst is attempting to investigate a Notable Event within Enterprise Security. Through the course of their investigation they determined that the logs and artifacts needed to investigate the alert are not available.

What event disposition should the analyst assign to the Notable Event?



Answer : D


Question 3

The following list contains examples of Tactics, Techniques, and Procedures (TTPs):

1. Exploiting a remote service

2. Lateral movement

3. Use EternalBlue to exploit a remote SMB server

In which order are they listed below?



Answer : A


Question 4

According to Splunk CIM documentation, which field in the Authentication Data Model represents the user who initiated a privilege escalation?



Answer : C


Question 5

An analyst would like to test how certain Splunk SPL commands work against a small set of data. What command should start the search pipeline if they wanted to create their own data instead of utilizing data contained within Splunk?



Answer : A


Question 6

A successful Continuous Monitoring initiative involves the entire organization. When an analyst discovers the need for more context or additional information, perhaps from additional data sources or altered correlation rules, to what role would this request generally escalate?



Answer : C


Question 7

There are many resources for assisting with SPL and configuration questions. Which of the following resources feature community-sourced answers?



Answer : A

