Splunk Certified Cybersecurity Defense Analyst SPLK-5001 Exam Questions

Page: 1 / 14
Total 99 questions
Question 1

During an investigation it is determined that an event is suspicious but expected in the environment. Out of the following, what is the best disposition to apply to this event?

Answer: D

Question 2

A Cyber Threat Intelligence (CTI) team delivers a briefing to the CISO detailing their view of the threat landscape the organization faces. This is an example of what type of Threat Intelligence?

Answer: B

Question 3

Rotating encryption keys after a security incident is most closely linked to which security concept?

Answer: A

Question 4

Which of the following use cases is best suited to be a Splunk SOAR Playbook?

Answer: D

Question 5

An analyst learns that several types of data are being ingested into Splunk and Enterprise Security, and wants to use the metadata SPL command to list them in a search. Which of the following arguments should she use?

Answer: B

Question 6

What feature of Splunk Security Essentials (SSE) allows an analyst to see a listing of current on-boarded data sources in Splunk so they can view content based on available data?

Answer: C

Question 7

The Lockheed Martin Cyber Kill Chain breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?

Answer: D