Question 1

A Risk Rule generates events on Suspicious Cloud Share Activity and regularly contributes to confirmed incidents from Risk Notables. An analyst realizes the raw logs these events are generated from contain information which helps them determine what might be malicious. What should they ask their engineer for to make their analysis easier?

Options :

A : Create a field extraction for this information.

B : Add this information to the risk message.

C : Create another detection for this information.

D : Allowlist more events based on this information.

Answer: A

Question 2

When should adaptive response actions be used within Splunk Enterprise Security?

Options :

A : Only during system maintenance

B : In response to specific security events

C : Randomly throughout the day

D : Never, as they are not effective

Answer: B

Question 3

What are common roles in a SOC?

Options :

A : Analyst, Engineer, Architect

B : Investigator, Operator, Supervisor

C : Specialist, Coordinator, Administrator

D : Developer, Manager, Technician

Answer: A

Question 4

What is the purpose of the CIM (Common Information Model) in Splunk?

Options :

A : To automate security incident response

B : To encrypt sensitive information in logs

C : To provide a standard framework for organizing and normalizing data

D : To generate visualizations for data analysis

Answer: C

Question 5

Which of the following are common cyber industry controls, standards, or frameworks?

Options :

A :

COBIT

B : GDPR

C : ISO/IEC 27001

D : HIPAA

E : NIST Cybersecurity Framework

Answer: A,C,E

Higher Test Marks with Free Online SPLK-5001 Exam Practice

Buying Options: