Splunk SPLK-5001 Exam Questions Instant Access

Question 1

What is the term for a model of normal network activity used to detect deviations?

AA baseline.

BA cluster.

CA time series.

DA data model.

Answer : A

Question 2

What is the first phase of the Continuous Monitoring cycle?

AMonitor and Protect

BDefine and Predict

CAssess and Evaluate

DRespond and Recover

Answer : B

Question 3

A Risk Notable Event has been triggered in Splunk Enterprise Security, an analyst investigates the alert, and determines it is a false positive. What metric would be used to define the time between alert creation and close of the event?

AMTTR (Mean Time to Respond)

BMTBF (Mean Time Between Failures)

CMTTA (Mean Time to Acknowledge)

DMTTD (Mean Time to Detect)

Answer : A

Question 4

Which dashboard in Enterprise Security would an analyst use to generate a report on users who are currently on a watchlist?

AAccess Tracker

BIdentity Tracker

CAccess Center

DIdentity Center

Answer : D

Question 5

Rotating encryption keys after a security incident is most closely linked to which security concept?

AConfidentiality

BObfuscation

CIntegrity

DAvailability

Answer : A

Question 6

While the top command is utilized to find the most common values contained within a field, a Cyber Defense Analyst hunts for anomalies. Which of the following Splunk commands returns the least common values?

Aleast

Buncommon

Crare

Dbase

Answer : C

Question 7

What Splunk feature would enable enriching public IP addresses with ASN and owner information?

AUsing rex to extract this information at search time.

BUsing lookup to include relevant information.

CUsing oval commands to calculate the ASM.

DUsing makersanita to add the ASMs to the search.

Answer : B

Splunk Certified Cybersecurity Defense Analyst SPLK-5001 Exam Questions