What is the term for a model of normal network activity used to detect deviations?
Answer: A
An analysis of an organization's security posture determined that a particular asset is at risk and a new process or solution should be implemented to protect it. Typically, who would be in charge of implementing the new process or solution that was selected?
Answer: C
Enterprise Security has been configured to generate a Notable Event when a user has quickly authenticated from multiple locations between which travel would be impossible. This would be considered what kind of an anomaly?
Answer: A
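The detection the question describes can be expressed as a per-user check on consecutive authentications: geolocate each login, compute the great-circle distance to the previous login, and flag the pair when the speed needed to cover that distance in the elapsed time is not physically achievable. The block below is an added illustration in plain Python, not Enterprise Security's own correlation search or any Splunk code; the sample events, the assumption that lat/lon has already been resolved from the source IP, and the 900 km/h cutoff are all constructed for the example.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
# Assumed threshold: anything faster than a commercial airliner is treated as impossible.
MAX_PLAUSIBLE_SPEED_KMH = 900.0

# Constructed sample authentication events (not real Splunk data). The lat/lon
# is assumed to have been resolved from the source IP by a geolocation lookup.
SAMPLE_AUTH_EVENTS = [
    {"user": "alice", "time": "2024-05-01T08:00:00Z", "city": "Dublin",   "lat": 53.35,  "lon": -6.26},
    {"user": "alice", "time": "2024-05-01T08:45:00Z", "city": "Sydney",   "lat": -33.87, "lon": 151.21},
    {"user": "bob",   "time": "2024-05-01T09:00:00Z", "city": "London",   "lat": 51.51,  "lon": -0.13},
    {"user": "bob",   "time": "2024-05-01T21:00:00Z", "city": "New York", "lat": 40.71,  "lon": -74.01},
    {"user": "carol", "time": "2024-05-01T10:00:00Z", "city": "Berlin",   "lat": 52.52,  "lon": 13.41},
    {"user": "carol", "time": "2024-05-01T10:30:00Z", "city": "Berlin",   "lat": 52.52,  "lon": 13.41},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def _parse_utc(stamp):
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on, so normalize it.
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def impossible_travel(events, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return one finding per consecutive login pair (per user) whose implied
    speed exceeds max_speed_kmh. Repeated logins from the same place are never
    flagged; two different places at the same instant imply infinite speed and are."""
    by_user = {}
    for event in events:
        by_user.setdefault(event["user"], []).append(event)

    findings = []
    for user, logins in by_user.items():
        logins = sorted(logins, key=lambda e: _parse_utc(e["time"]))
        for prev, cur in zip(logins, logins[1:]):
            distance = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if distance < 1.0:  # same location within rounding; nothing to explain
                continue
            hours = (_parse_utc(cur["time"]) - _parse_utc(prev["time"])).total_seconds() / 3600.0
            speed = distance / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                findings.append({
                    "user": user,
                    "from": prev["city"],
                    "to": cur["city"],
                    "distance_km": round(distance),
                    "hours_between": round(hours, 2),
                    "speed_kmh": speed,
                })
    return findings


if __name__ == "__main__":
    for finding in impossible_travel(SAMPLE_AUTH_EVENTS):
        print(finding)
```

In the sample data only alice is flagged (Dublin to Sydney in 45 minutes); bob's London to New York login twelve hours later works out to well under the cutoff, and carol's two Berlin logins are skipped because the distance is zero. In practice the noisiest false positives come from VPN egress points and coarse IP geolocation, so a production rule usually also excludes known corporate VPN ranges before applying the speed test.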
A threat hunter is analyzing incoming emails during the past 30 days, looking for spam or phishing campaigns targeting many users. This involves finding large numbers of similar, but not necessarily identical, emails. The hunter extracts key datapoints from each email record, including the sender's address, recipient's address, subject, embedded URLs, and names of any attachments. Using the Splunk App for Data Science and Deep Learning, they then visualize each of these messages as points on a graph, looking for large numbers of points that occur close together. This is an example of what type of threat-hunting technique?
Answer: A
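The hunt described above has two parts: turning each message into a set of features that survive the small variations a campaign introduces (different invoice numbers, different sender local-parts, different URL paths), and then grouping messages whose feature sets are close to each other. The block below is an added illustration of that idea in plain Python, not code from the Splunk App for Data Science and Deep Learning or from the page; the message records are constructed, and the token scheme, the Jaccard similarity measure and the 0.5 threshold are assumptions chosen for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample email records (not real mail). The first four are variants
# of one lure; the last two are unrelated legitimate messages.
SAMPLE_EMAILS = [
    {"from": "billing-01@invoice-notices.example", "to": "ann@corp.example",
     "subject": "Invoice 48213 overdue - action required",
     "urls": ["http://invoice-notices.example/pay/48213"], "attachments": ["invoice_48213.pdf"]},
    {"from": "billing-07@invoice-notices.example", "to": "bill@corp.example",
     "subject": "Invoice 77320 overdue - action required",
     "urls": ["http://invoice-notices.example/pay/77320"], "attachments": ["invoice_77320.pdf"]},
    {"from": "accounts@invoice-notices.example", "to": "cara@corp.example",
     "subject": "Invoice 10455 overdue: action required",
     "urls": ["http://invoice-notices.example/pay/10455"], "attachments": []},
    {"from": "billing-02@invoice-notices.example", "to": "dan@corp.example",
     "subject": "Invoice 90118 overdue - action required",
     "urls": ["http://invoice-notices.example/pay/90118"], "attachments": ["invoice_90118.pdf"]},
    {"from": "newsletter@vendor.example", "to": "ann@corp.example",
     "subject": "May product updates",
     "urls": ["https://vendor.example/blog/may"], "attachments": []},
    {"from": "hr@corp.example", "to": "bill@corp.example",
     "subject": "Benefits enrollment reminder",
     "urls": [], "attachments": ["benefits_2024.pdf"]},
]

_DIGITS = re.compile(r"\d+")


def features(email):
    """Tokens that characterize a message while ignoring per-copy details:
    digits are collapsed so invoice numbers and other counters do not split a
    campaign, and the recipient is deliberately left out."""
    tokens = {"from_dom:" + email["from"].rsplit("@", 1)[-1].lower()}
    for word in re.findall(r"[a-z0-9]+", email["subject"].lower()):
        tokens.add("subj:" + _DIGITS.sub("<n>", word))
    for url in email["urls"]:
        host = urlsplit(url).hostname
        if host:
            tokens.add("url_host:" + host)
    for name in email["attachments"]:
        tokens.add("att:" + _DIGITS.sub("<n>", name.lower()))
    return tokens


def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets are treated as dissimilar."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def cluster_similar(emails, threshold=0.5, min_size=3):
    """Single-linkage grouping: messages are joined when their feature sets
    overlap at least `threshold`. Returns sorted index lists for every group
    of at least `min_size` messages, i.e. the dense regions the hunter looks for."""
    feats = [features(e) for e in emails]
    parent = list(range(len(feats)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(feats)):
        for j in range(i + 1, len(feats)):
            if jaccard(feats[i], feats[j]) >= threshold:
                parent[find(i)] = find(j)

    groups = {}
    for i in range(len(feats)):
        groups.setdefault(find(i), []).append(i)
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_size)


if __name__ == "__main__":
    for cluster in cluster_similar(SAMPLE_EMAILS):
        print("campaign candidate:", [SAMPLE_EMAILS[i]["subject"] for i in cluster])
```

Run over the sample data this yields a single cluster containing the four invoice lures; the message without an attachment still joins because seven of its eight tokens match the others. The pairwise loop is quadratic, which is fine for a few thousand messages but not for 30 days of mail at enterprise volume; at that scale the same feature sets would feed a MinHash/LSH index or the clustering algorithms the DSDL app wraps, which is where a density-based method over the plotted points comes in.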
Tactics, Techniques, and Procedures (TTPs) are methods or behaviors utilized by attackers. In which framework are these categorized?
Answer: D
Which Splunk Enterprise Security dashboard displays authentication and access-related data?
Answer: C
During an investigation it is determined that an event is suspicious but expected in the environment. Out of the following, what is the best disposition to apply to this event?
Answer: D