Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

SPLK-5001Free trial

By splunk

Verified

25Q per page

Question 1

Which Enterprise Security framework provides a mechanism for running preconfigured actions within the Splunk platform or integrating with external applications?

A: Asset and Identity
B: Notable Event
C: Threat Intelligence
D: Adaptive Response

—

Question 2

An analyst would like to visualize threat objects across their environment and chronological risk events for a Risk Object in Incident Review. Where would they find this?

A: Running the Risk Analysis Adaptive Response action within the Notable Event.
B: Via a workflow action for the Risk Investigation dashboard.
C: Via the Risk Analysis dashboard under the Security Intelligence tab in Enterprise Security.
D: Clicking the risk event count to open the Risk Event Timeline.

—

Question 3

A Risk Rule generates events on Suspicious Cloud Share Activity and regularly contributes to confirmed incidents from Risk Notables. An analyst realizes the raw logs these events are generated from contain information which helps them determine what might be malicious.
What should they ask their engineer for to make their analysis easier?

A: Create a field extraction for this information.
B: Add this information to the risk_message.
C: Create another detection for this information.
D: Allowlist more events based on this information.

—

Question 4

What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?

A: Host-based firewall
B: Web proxy
C: Endpoint Detection and Response
D: Intrusion Detection System

—

Question 5

Upon investigating a report of a web server becoming unavailable, the security analyst finds that the web server’s access log has the same log entry millions of times:
147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] "GET /login/ HTTP/1.0" 200 3733
What kind of attack is occurring?

A: Denial of Service Attack
B: Distributed Denial of Service Attack
C: Cross-Site Scripting Attack
D: Database Injection Attack

—

Question 6

According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?

A: Domain names
B: TTPs
C: Network/Host artifacts
D: Hash values

—

Question 7

An analysis of an organization’s security posture determined that a particular asset is at risk and a new process or solution should be implemented to protect it. Typically, who would be in charge of implementing the new process or solution that was selected?

A: Security Architect
B: SOC Manager
C: Security Engineer
D: Security Analyst

—

Question 8

Which of the following is a correct Splunk search that will return results in the most performant way?

A: index=foo host=i-478619733 | stats range(_time) as duration by src_ip | bin duration span=5min | stats count by duration, host
B: | stats range(_time) as duration by src_ip | index=foo host=i-478619733 | bin duration span=5min | stats count by duration, host
C: index=foo host=i-478619733 | transaction src_ip |stats count by host
D: index=foo | transaction src_ip |stats count by host | search host=i-478619733

—

Question 9

There are many resources for assisting with SPL and configuration questions. Which of the following resources feature community-sourced answers?

A: Splunk Answers
B: Splunk Lantern
C: Splunk Guidebook
D: Splunk Documentation

—

Question 10

A successful Continuous Monitoring initiative involves the entire organization. When an analyst discovers the need for more context or additional information, perhaps from additional data sources or altered correlation rules, to what role would this request generally escalate?

A: SOC Manager
B: Security Analyst
C: Security Engineer
D: Security Architect

—

Question 11

Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?

A: Threat Intelligence Framework
B: Risk Framework
C: Notable Event Framework
D: Asset and Identity Framework

—

Question 12

Which of the following Splunk Enterprise Security features allows industry frameworks such as CIS Critical Security Controls, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain® to be mapped to Correlation Search results?

A: Annotations
B: Playbooks
C: Comments
D: Enrichments

—

Question 13

While the top command is utilized to find the most common values contained within a field, a Cyber Defense Analyst hunts for anomalies. Which of the following Splunk commands returns the least common values?

A: least
B: uncommon
C: rare
D: base

—

Question 14

The Lockheed Martin Cyber Kill Chain® breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?

A: Act on Objectives
B: Exploitation
C: Delivery
D: Installation

—

That’s the end of your free questions

You’ve reached the preview limit for SPLK-5001

Consider upgrading to gain full access!

Page 1 of 3 • Questions 1-25 of 66

1 2 3

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!