SPLK-5001無料問題集「Splunk Certified Cybersecurity Defense Analyst」

質問 1

An analyst would like to test how certain Splunk SPL commands work against a small set of dat a. What command should start the search pipeline if they wanted to create their own data instead of utilizing data contained within Splunk?

（A）eval

（B）stats

（C）rename

（D）makeresults

正解：D 解答を投票する

質問 2

Which stage of continuous monitoring involves adding data, creating detections, and building drilldowns?

（A）Establish and Architect

（B）Implement and Collect

（C）Respond and Review

（D）Analyze and Report

正解：B 解答を投票する

質問 3

An analyst is looking at Web Server logs, and sees the following entry as the last web request that a server processed before unexpectedly shutting down:
147.186.119.107 - - [28/Jul/2006:10:27:10 -0300] "POST /cgi-bin/shutdown/ HTTP/1.0" 200 3333 What kind of attack is most likely occurring?

（A）Database injection attack.

（B）Distributed denial of service attack.

（C）Denial of service attack.

（D）Cross-Site scripting attack.

正解：C 解答を投票する

質問 4

An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?

（A）index=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts

（B）index=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts

（C）index=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts

（D）index=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts

正解：A 解答を投票する

質問 5

What is the main difference between hypothesis-driven and data-driven Threat Hunting?

（A）Hypothesis-driven hunting tries to uncover activity within an existing data set, data-driven hunting begins with an activity that the hunter thinks may be happening.

（B）Hypothesis-driven hunts are typically executed on newly ingested data sources, while data-driven hunts are not.

（C）Data-driven hunting tries to uncover activity within an existing data set, hypothesis-driven hunting begins with a potential activity that the hunter thinks may be happening.

（D）Data-driven hunts always require more data to search through than hypothesis-driven hunts.

正解：C 解答を投票する

質問 6

Which of the following is a best practice for searching in Splunk?

（A）Streaming commands run before aggregating commands in the Search pipeline.

（B）Raw word searches should contain multiple wildcards to ensure all edge cases are covered.

（C）Limit fields returned from the search utilizing the cable command.

（D）Searching over All Time ensures that all relevant data is returned.

正解：C 解答を投票する

質問 7

A successful Continuous Monitoring initiative involves the entire organization. When an analyst discovers the need for more context or additional information, perhaps from additional data sources or altered correlation rules, to what role would this request generally escalate?

（A）Security Analyst

（B）Security Architect

（C）SOC Manager

（D）Security Engineer

正解：D 解答を投票する

SPLK-5001 無料問題集「Splunk Certified Cybersecurity Defense Analyst」

弊社を連絡する

関連リンク

トップ試験