SPLK-5001無料問題集「Splunk Certified Cybersecurity Defense Analyst」

質問 1

Which stage of continuous monitoring involves adding data, creating detections, and building drilldowns?

（A）Establish and Architect

（B）Implement and Collect

（C）Respond and Review

（D）Analyze and Report

正解：B 解答を投票する

質問 2

Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?

（A）Threat Intelligence Framework

（B）Notable Event Framework

（C）Asset and Identity Framework

（D）Risk Framework

正解：D 解答を投票する

質問 3

Which field is automatically added to search results when assets are properly defined and enabled in Splunk Enterprise Security?

（A）user

（B）src_category

（C）src_ip

（D）asset_category

正解：B 解答を投票する

質問 4

The Lockheed Martin Cyber Kill Chain breaks an attack lifecycle into several stages. A threat actor modified the registry on a compromised Windows system to ensure that their malware would automatically run at boot time. Into which phase of the Kill Chain would this fall?

（A）Exploitation

（B）Delivery

（C）Installation

（D）Act on Objectives

正解：C 解答を投票する

質問 5

In which phase of the Continuous Monitoring cycle are suggestions and improvements typically made?

（A）Establish and Architect

（B）Implement and Collect

（C）Define and Predict

（D）Analyze and Report

正解：D 解答を投票する

質問 6

An analyst is building a search to examine Windows XML Event Logs, but the initial search is not returning any extracted fields. Based on the above image, what is the most likely cause?

（A）The analyst is not in the Drooer Search Mode and should switch to Smart or Verbose.

（B）The analyst is searching newly indexed data that was improperly parsed.

（C）The analyst does not have the proper role to search this data.

（D）The analyst did not add the excract command to their search pipeline.

正解：D 解答を投票する

質問 7

An analyst notices that one of their servers is sending an unusually large amount of traffic, gigabytes more than normal, to a single system on the Internet. There doesn't seem to be any associated increase in incoming traffic.
What type of threat actor activity might this represent?

（A）Data exfiltration

（B）Lateral movement

（C）Network reconnaissance

（D）Data infiltration

正解：A 解答を投票する

SPLK-5001 無料問題集「Splunk Certified Cybersecurity Defense Analyst」

弊社を連絡する

関連リンク

トップ試験