Splunk SPLK-5001 Exam Practice Test Instant Access

Question 1

What is the following step-by-step description an example of?

1. The attacker devises a non-default beacon profile with Cobalt Strike and embeds this within a document.

2. The attacker creates a unique email with the malicious document based on extensive research about their target.

3. When the victim opens this document, a C2 channel is established to the attacker's temporary infrastructure on a compromised website.

ATactic

BPolicy

CProcedure

DTechnique

Answer : D

Question 2

What is the main difference between a DDoS and a DoS attack?

AA DDoS attack is a type of physical attack, while a DoS attack is a type of cyberattack.

BA DDoS attack uses a single source to target a single system, while a DoS attack uses multiple sources to target multiple systems.

CA DDoS attack uses multiple sources to target a single system, while a DoS attack uses a single source to target a single or multiple systems.

DA DDoS attack uses a single source to target multiple systems, while a DoS attack uses multiple sources to target a single system.

Answer : C

Question 3

What is the main difference between hypothesis-driven and data-driven Threat Hunting?

AData-driven hunts always require more data to search through than hypothesis-driven hunts.

BData-driven hunting tries to uncover activity within an existing data set, hypothesis-driven hunting begins with a potential activity that the hunter thinks may be happening.

CHypothesis-driven hunts are typically executed on newly ingested data sources, while data-driven hunts are not.

DHypothesis-driven hunting tries to uncover activity within an existing data set, data-driven hunting begins with an activity that the hunter thinks may be happening.

Answer : B

Question 4

A threat hunter generates a report containing the list of users who have logged in to a particular database during the last 6 months, along with the number of times they have each authenticated. They sort this list and remove any user names who have logged in more than 6 times. The remaining names represent the users who rarely log in, as their activity is more suspicious. The hunter examines each of these rare logins in detail.

This is an example of what type of threat-hunting technique?

ALeast Frequency of Occurrence Analysis

BCo-Occurrence Analysis

CTime Series Analysis

DOutlier Frequency Analysis

Answer : A

Question 5

The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?

AMalware

BAlerts

CVulnerabilities

DEndpoint

Answer : D

Question 6

An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?

Aindex=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts

Bindex=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts

Cindex=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts

Dindex=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts

Answer : C

Question 7

Which of the following is considered Personal Data under GDPR?

AThe birth date of an unidentified user.

BAn individual's address including their first and last name.

CThe name of a deceased individual.

DA company's registration number.

Answer : B

Splunk SPLK-5001 Splunk Certified Cybersecurity Defense Analyst Exam Practice Test