
2024年最新のSPLK-5001実際問題集には試験のコツがあるPDF試験材料
心強いSPLK-5001のPDF問題集問題
Splunk SPLK-5001 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
質問 # 21
An analyst is investigating a network alert for suspected lateral movement from one Windows host to another Windows host. According to Splunk CIM documentation, the IP address of the host from which the attacker is moving would be in which field?
- A. src_ip
- B. host
- C. dest
- D. src_nt_host
正解:A
質問 # 22
An analyst is investigating how an attacker successfully performs a brute-force attack to gain a foothold into an organizations systems. In the course of the investigation the analyst determines that the reason no alerts were generated is because the detection searches were configured to run against Windows data only and excluding any Linux data.
This is an example of what?
- A. A True Positive.
- B. A False Negative.
- C. A False Positive.
- D. A True Negative.
正解:B
質問 # 23
Which of the following is considered Personal Data under GDPR?
- A. The name of a deceased individual.
- B. A company's registration number.
- C. An individual's address including their first and last name.
- D. The birth date of an unidentified user.
正解:C
質問 # 24
The United States Department of Defense (DoD) requires all government contractors to provide adequate security safeguards referenced in National Institute of Standards and Technology (NIST) 800-171. All DoD contractors must continually reassess, monitor, and track compliance to be able to do business with the US government.
Which feature of Splunk Enterprise Security provides an analyst context for the correlation search mapping to the specific NIST guidelines?
- A. Moles
- B. Framework mapping
- C. Annotations
- D. Comments
正解:B
質問 # 25
An analyst would like to visualize threat objects across their environment and chronological risk events for a Risk Object in Incident Review. Where would they find this?
- A. Clicking the risk event count to open the Risk Event Timeline.
- B. Via a workflow action for the Risk Investigation dashboard.
- C. Via the Risk Analysis dashboard under the Security Intelligence tab in Enterprise Security.
- D. Running the Risk Analysis Adaptive Response action within the Notable Event.
正解:A
質問 # 26
An analyst would like to test how certain Splunk SPL commands work against a small set of dat a. What command should start the search pipeline if they wanted to create their own data instead of utilizing data contained within Splunk?
- A. rename
- B. makeresults
- C. stats
- D. eval
正解:B
質問 # 27
A threat hunter executed a hunt based on the following hypothesis:
As an actor, I want to plant rundll32 for proxy execution of malicious code and leverage Cobalt Strike for Command and Control.
Relevant logs and artifacts such as Sysmon, netflow, IDS alerts, and EDR logs were searched, and the hunter is confident in the conclusion that Cobalt Strike is not present in the company's environment.
Which of the following best describes the outcome of this threat hunt?
- A. The threat hunt was successful in providing strong evidence that the tactic and tool is not present in the environment.
- B. The threat hunt failed because no malicious activity was identified.
- C. The threat hunt failed because the hypothesis was not proven.
- D. The threat hunt was successful because the hypothesis was not proven.
正解:A
質問 # 28
Which of the following is not considered an Indicator of Compromise (IOC)?
- A. A specific password for a compromised account.
- B. A specific file hash of a malicious executable.
- C. A specific IP address used in a cyberattack.
- D. A specific domain that is utilized for phishing.
正解:A
質問 # 29
An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?
- A. index=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts
- B. index=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts
- C. index=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts
- D. index=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts
正解:C
質問 # 30
An analyst notices that one of their servers is sending an unusually large amount of traffic, gigabytes more than normal, to a single system on the Internet. There doesn't seem to be any associated increase in incoming traffic.
What type of threat actor activity might this represent?
- A. Network reconnaissance
- B. Data infiltration
- C. Lateral movement
- D. Data exfiltration
正解:D
質問 # 31
A threat hunter generates a report containing the list of users who have logged in to a particular database during the last 6 months, along with the number of times they have each authenticated. They sort this list and remove any user names who have logged in more than 6 times. The remaining names represent the users who rarely log in, as their activity is more suspicious. The hunter examines each of these rare logins in detail.
This is an example of what type of threat-hunting technique?
- A. Co-Occurrence Analysis
- B. Least Frequency of Occurrence Analysis
- C. Outlier Frequency Analysis
- D. Time Series Analysis
正解:B
質問 # 32
An analyst is looking at Web Server logs, and sees the following entry as the last web request that a server processed before unexpectedly shutting down:
147.186.119.107 - - [28/Jul/2006:10:27:10 -0300] "POST /cgi-bin/shutdown/ HTTP/1.0" 200 3333 What kind of attack is most likely occurring?
- A. Denial of service attack.
- B. Distributed denial of service attack.
- C. Cross-Site scripting attack.
- D. Database injection attack.
正解:A
質問 # 33
An analyst is building a search to examine Windows XML Event Logs, but the initial search is not returning any extracted fields. Based on the above image, what is the most likely cause?
- A. The analyst is searching newly indexed data that was improperly parsed.
- B. The analyst does not have the proper role to search this data.
- C. The analyst is not in the Drooer Search Mode and should switch to Smart or Verbose.
- D. The analyst did not add the excract command to their search pipeline.
正解:D
質問 # 34
Which of the following is a correct Splunk search that will return results in the most performant way?
- A. index=foo host=i-478619733 | stats range(_time) as duration by src_ip | bin duration span=5min | stats count by duration, host
- B. | stats range(_time) as duration by src_ip | index=foo host=i-478619733 | bin duration span=5min | stats count by duration, host
- C. index=foo host=i-478619733 | transaction src_ip |stats count by host
- D. index=foo | transaction src_ip |stats count by host | search host=i-478619733
正解:A
質問 # 35
While testing the dynamic removal of credit card numbers, an analyst lands on using the rex command. What mode needs to be set to in order to replace the defined values with X?
| makeresults
| eval ccnumber="511388720478619733"
| rex field=ccnumber mode=??? "s/(\d{4}-){3)/XXXX-XXXX-XXXX-/g"
Please assume that the above rex command is correctly written.
- A. replace
- B. substitute
- C. mask
- D. sed
正解:D
質問 # 36
An analyst is not sure that all of the potential data sources at her company are being correctly or completely utilized by Splunk and Enterprise Security. Which of the following might she suggest using, in order to perform an analysis of the data types available and some of their potential security uses?
- A. SOAR
- B. Splunk ITSI
- C. Splunk Intelligence Management
- D. Security Essentials
正解:D
質問 # 37
According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?
- A. NetworM-lost artifacts
- B. Hash values
- C. Domain names
- D. TTPs
正解:B
質問 # 38
An analyst needs to create a new field at search time. Which Splunk command will dynamically extract additional fields as part of a Search pipeline?
- A. regex
- B. fields
- C. eval
- D. rex
正解:D
質問 # 39
Which of the following use cases is best suited to be a Splunk SOAR Playbook?
A Forming hypothesis for Threat Hunting
B. Visualizing complex datasets.
C. Creating persistent field extractions.
D. Taking containment action on a compromised host
正解:
解説:
D
質問 # 40
Which of the following is the primary benefit of using the CIM in Splunk?
- A. It automatically detects and blocks cyber threats.
- B. It allows for easier correlation of data from different sources.
- C. It improves the performance of search queries on raw data.
- D. It enables the use of advanced machine learning algorithms.
正解:B
質問 # 41
What goal of an Advanced Persistent Threat (APT) group aims to disrupt or damage on behalf of a cause?
- A. Prestige
- B. Hacktivism
- C. Financial gain
- D. Cyber espionage
正解:B
質問 # 42
......
結果を保証するには2024年12月最新の無料版提供しています:https://www.jpntest.com/shiken/SPLK-5001-mondaishu
正真正銘のSPLK-5001問題集で無料PDF問題で合格させる:https://drive.google.com/open?id=1DOyKrdMxn_Lmnit5ohX0PFIgzEeGcAX9