SPLK-5001無料問題集「Splunk Certified Cybersecurity Defense Analyst」

質問 1

Which of the following is considered Personal Data under GDPR?

（A）An individual's address including their first and last name.

（B）A company's registration number.

（C）The birth date of an unidentified user.

（D）The name of a deceased individual.

正解：A 解答を投票する

質問 2

The eval SPL expression supports many types of functions. Which of these function categories is not valid with eval?

（A）JSON functions

（B）Threat functions

（C）Text functions

（D）Comparison and Conditional functions

正解：B 解答を投票する

質問 3

Which of the following Splunk Enterprise Security features allows industry frameworks such as CIS Critical Security Controls, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain to be mapped to Correlation Search results?

（A）Annotations

（B）Playbooks

（C）Enrichments

（D）Comments

正解：A 解答を投票する

質問 4

A successful Continuous Monitoring initiative involves the entire organization. When an analyst discovers the need for more context or additional information, perhaps from additional data sources or altered correlation rules, to what role would this request generally escalate?

（A）Security Analyst

（B）Security Architect

（C）SOC Manager

（D）Security Engineer

正解：D 解答を投票する

質問 5

Which of the following is a tactic used by attackers, rather than a technique?

（A）Gathering information about a target.

（B）Establishing persistence with a scheduled task.

（C）Using a phishing email to gain initial access.

（D）Escalating privileges via UAC bypass.

正解：A 解答を投票する

質問 6

A Cyber Threat Intelligence (CTI) team delivers a briefing to the CISO detailing their view of the threat landscape the organization faces. This is an example of what type of Threat Intelligence?

（A）Strategic

（B）Tactical

（C）Operational

（D）Executive

正解：A 解答を投票する

質問 7

After discovering some events that were missed in an initial investigation, an analyst determines this is because some events have an empty src field. Instead, the required data is often captured in another field called machine_name.
What SPL could they use to find all relevant events across either field until the field extraction is fixed?

（A）| eval src = coalesce(src,machine_name)

（B）| eval src = src . machine_name

（C）| eval src = tostring(machine_name)

（D）| eval src = src + machine_name

正解：A 解答を投票する

SPLK-5001 無料問題集「Splunk Certified Cybersecurity Defense Analyst」

弊社を連絡する

関連リンク

トップ試験