Online Access Free SPLK-5001 Exam Questions

Which of the following is a reason to use Data Model Acceleration in Splunk?

• A.To quickly model various responses to a particular vulnerability.
• B.To retrieve data faster than from a raw index.
• C.To rapidly compare the use of various algorithms to detect anomalies.
• D.To normalize the data associated with threats.

Which field is automatically added to search results when assets are properly defined and enabled in Splunk Enterprise Security?

• A.src_category
• B.asset_category
• C.src_ip
• D.user

Which of the following use cases is best suited to be a Splunk SOAR Playbook?

• A.Creating persistent field extractions.
• B.Visualizing complex datasets.
• C.Taking containment action on a compromised host
• D.Forming hypothesis for Threat Hunting

In which phase of the Continuous Monitoring cycle are suggestions and improvements typically made?

• A.Analyze and Report
• B.Implement and Collect
• C.Establish and Architect
• D.Define and Predict

An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?

• A.index=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts
• B.index=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts
• C.index=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts
• D.index=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts