File Info
| Exam | Splunk Certified Cybersecurity Defense Analyst |
| Number | SPLK-5001 |
| File Name | Splunk.SPLK-5001.VCEplus.2024-08-23.40q.tqb |
| Size | 119 KB |
| Posted | Aug 23, 2024 |
| Download | Splunk.SPLK-5001.VCEplus.2024-08-23.40q.tqb |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Which of the following is a best practice for searching in Splunk?
- Streaming commands run before aggregating commands in the Search pipeline.
- Raw word searches should contain multiple wildcards to ensure all edge cases are covered.
- Limit fields returned from the search utilizing the cable command.
- Searching over All Time ensures that all relevant data is returned.
Correct answer: C
Question 2
While testing the dynamic removal of credit card numbers, an analyst lands on using the rex command. What mode needs to be set to in order to replace the defined values with X?
| makeresults
| eval ccnumber='511388720478619733'
| rex field=ccnumber mode=??? 's/(\d{4}-){3)/XXXX-XXXX-XXXX-/g'
Please assume that the above rex command is correctly written.
- sed
- replace
- mask
- substitute
Correct answer: A
Question 3
After discovering some events that were missed in an initial investigation, an analyst determines this is because some events have an empty src field. Instead, the required data is often captured in another field called machine_name.
What SPL could they use to find all relevant events across either field until the field extraction is fixed?
- | eval src = coalesce(src,machine_name)
- | eval src = src + machine_name
- | eval src = src . machine_name
- | eval src = tostring(machine_name)
Correct answer: A
Question 4
An analyst would like to test how certain Splunk SPL commands work against a small set of data. What command should start the search pipeline if they wanted to create their own data instead of utilizing data contained within Splunk?
- makeresults
- rename
- eval
- stats
Correct answer: A
Question 5
An analyst is examining the logs for a web application's login form. They see thousands of failed logon attempts using various usernames and passwords. Internet research indicates that these credentials may have been compiled by combining account information from several recent data breaches.
Which type of attack would this be an example of?
- Credential sniffing
- Password cracking
- Password spraying
- Credential stuffing
Correct answer: D
Question 6
An analysis of an organization's security posture determined that a particular asset is at risk and a new process or solution should be implemented to protect it. Typically, who would be in charge of designing the new process and selecting the required tools to implement it?
- SOC Manager
- Security Engineer
- Security Architect
- Security Analyst
Correct answer: C
Question 7
Which of the following data sources can be used to discover unusual communication within an organization's network?
- EDS
- Net Flow
- Email
- IAM
Correct answer: B
Question 8
Which of the following is a best practice when creating performant searches within Splunk?
- Utilize the transaction command to aggregate data for faster analysis.
- Utilize Aggregating commands to ensure all data is available prior to Streaming commands.
- Utilize specific fields to return only the data that is required.
- Utilize multiple wildcards across fields to ensure returned data is complete and available.
Correct answer: C
Question 9
Which pre-packaged app delivers security content and detections on a regular, ongoing basis for Enterprise Security and SOAR?
- SSE
- ESCU
- Threat Hunting
- InfoSec
Correct answer: B
Question 10
Which search command allows an analyst to match whatever is inside the parentheses as a single term in the index, even if it contains characters that are usually recognized as minor breakers such as periods or underscores?
- CASE()
- LIKE()
- FORMAT ()
- TERM ()
Correct answer: D
