Splunk Certified Cybersecurity Defense Analyst SPLK-5001 Exam Questions

Tactics, Techniques, and Procedures (TTPs) are methods or behaviors utilized by attackers. In which framework are these categorized?

Which of the following data sources would be most useful to determine if a user visited a recently identified malicious website?

An adversary uses "LoudWiner" to hijack resources for crypto mining. What does this represent in a TTP framework?

Which of the following SPL searches is likely to return results the fastest?

The Lockheed Martin Cyber Kill Chain breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?

What feature of Splunk Security Essentials (SSE) allows an analyst to see a listing of current on-boarded data sources in Splunk so they can view content based on available data?

A threat hunter is analyzing incoming emails during the past 30 days, looking for spam or phishing campaigns targeting many users. This involves finding large numbers of similar, but not necessarily identical, emails. The hunter extracts key datapoints from each email record, including the sender's address, recipient's address, subject, embedded URLs, and names of any attachments. Using the Splunk App for Data Science and Deep Learning, they then visualize each of these messages as points on a graph, looking for large numbers of points that occur close together. This is an example of what type of threat-hunting technique?