Online Access Free SPLK-5002 Exam Questions

In a contextualization playbook, a URL is transmitted to a sandbox for examination and disposition recommendation. What underlying HTTP method is used to transmit this data to the sandbox?

• A.STOR
• B.GET
• C.PUT
• D.POST

MITRE D3FEND is designed to compliment MITRE's list of adversarial tactics, techniques, and common knowledge (ATT&CK). Which tactics are associated with MITRE D3FEND in order to detect, deny, and disrupt adversarial efforts?

• A.Harden, Detect, Exclude, Deceive, Eradicate
• B.Harden, Detect, Exclude, Define, Eradicate
• C.Harden, Detect, Isolate, Disrupt, Evict
• D.Harden, Detect, Isolate, Deceive, Evict

What is the primary purpose of correlation searches in Splunk?

• A.To extract and index raw data
• B.To identify patterns and relationships between multiple data sources
• C.To store pre-aggregated search results
• D.To create dashboards for real-time monitoring

What must be configured as a setting in a correlation search for a notable to be generated?

• A.The search must end with | notable SPL command.
• B.A SOAR playbook must execute against the notable REST.
• C.Nothing, the correlation search will generate a notable automatically as an outcome.
• D.An Adaptive Response Action must be configured to enable the notable generation.

An engineer adds a custom event status of 'Testing' and accidentally makes it the new default status. Their SOC calculates some metrics based on Notable status change sequences, starting from the old default status of 'New'. Which metrics can be affected by this mistake?

• A.Mean Time to Resolve, Dwell Time
• B.Mean Time to Triage, Dwell Time
• C.No metrics are impacted
• D.Mean Time to Respond, Mean Time to Resolve