SPLK-5002試験無料問題集「Splunk Certified Cybersecurity Defense Engineer 認定」

Risk scores are associated with how many levels of risk in Enterprise Security by default?

解説: (GoShiken メンバーにのみ表示されます)
An engineer is writing a correlation search and wants to use T1027 from MITRE ATT&CK as a field in Incident Review. Assuming they are writing a correlation search that does not use the Risk data model, what example statement should be appended at the end of their correlation search?

解説: (GoShiken メンバーにのみ表示されます)
What can an engineer use to capture contextual values from a dashboard and create a drilldown to link to a new search?

解説: (GoShiken メンバーにのみ表示されます)
Which tool can help identify known tactics, techniques, and procedures that a threat group is most likely to use when targeting a financial organization?

解説: (GoShiken メンバーにのみ表示されます)
Which of the following is a methodology to help prevent malicious lateral movement?

解説: (GoShiken メンバーにのみ表示されます)
The threat-hunting team has identified suspicious activity. An analyst manually creates a notable event using an event action to track the activity. How should a detection engineer ensure this activity automatically produces findings in the future?

解説: (GoShiken メンバーにのみ表示されます)
Based on a recent red team exercise, an organization is highly concerned about pass the hash attacks especially including tools like Empire. Which Eventcode associated to PowerShell Script Block Logging would be used to detect this activity?

解説: (GoShiken メンバーにのみ表示されます)
In Enterprise Security, what is the name of the threat intelligence lookup pertaining to files?

解説: (GoShiken メンバーにのみ表示されます)