SPLK-5001のPDF問題集で2026年03月10日試験問題 有効なSPLK-5001問題集
究極のSPLK-5001準備ガイドで無料最新のSplunk練習テスト問題集
質問 # 17
An analyst is building a search to examine Windows XML Event Logs, but the initial search is not returning any extracted fields. Based on the above image, what is the most likely cause?
- A. The analyst is searching newly indexed data that was improperly parsed.
- B. The analyst is not in the Drooer Search Mode and should switch to Smart or Verbose.
- C. The analyst did not add the excract command to their search pipeline.
- D. The analyst does not have the proper role to search this data.
正解:C
質問 # 18
There are different metrics that can be used to provide insights into SOC operations. If Mean Time to Respond is defined as the total time it takes for an Analyst to disposition an event, what is the typical starting point for calculating this metric for a particular event?
- A. When the SOC Manager is informed of the issue.
- B. When the malicious event occurs.
- C. When the end users are notified about the issue.
- D. When a Notable Event is triggered.
正解:D
質問 # 19
Refer to the exibit.
An analyst is building a search to examine Windows XML Event Logs, but the initial search is not returning any extracted fields. Based on the above image, what is themost likelycause?
- A. The analyst did not add the excract command to their search pipeline.
- B. The analyst is searching newly indexed data that was improperly parsed.
- C. The analyst is not in the Drooer Search Mode and should switch to Smart or Verbose.
- D. The analyst does not have the proper role to search this data.
正解:C
質問 # 20
What is the following step-by-step description an example of?
1. The attacker devises a non-default beacon profile with Cobalt Strike and embeds this within a document.
2. The attacker creates a unique email with the malicious document based on extensive research about their target.
3. When the victim opens this document, a C2 channel is established to the attacker's temporary infrastructure on a compromised website.
- A. Technique
- B. Policy
- C. Procedure
- D. Tactic
正解:A
質問 # 21
Upon investigating a report of a web server becoming unavailable, the security analyst finds that the web server's access log has the same log entry millions of times:
147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] "GET /login/ HTTP/1.0" 200 3733 What kind of attack is occurring?
- A. Distributed Denial of Service Attack
- B. Cross-Site Scripting Attack
- C. Database Injection Attack
- D. Denial of Service Attack
正解:A
質問 # 22
In which phase of the Continuous Monitoring cycle are suggestions and improvements typically made?
- A. Define and Predict
- B. Analyze and Report
- C. Implement and Collect
- D. Establish and Architect
正解:B
質問 # 23
An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?
- A. index=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts
- B. index=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts
- C. index=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts
- D. index=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts
正解:B
質問 # 24
Which of the following SPL searches is likely to return results the fastest?
- A. index-network src_port=2938 protocol=top | stats count by src_ip | search src_ip=1.2.3.4
- B. src_ip=1.2.3.4 src_port=2938 protocol=top | stats count
- C. index-network sourcetype=netflow src_ip=1.2.3.4 src_port=2938 protocol=top | stats count
- D. src_port=2938 AND protocol=top | stats count by src_ip | search src_ip=1.2.3.4
正解:C
質問 # 25
While investigating findings in Enterprise Security, an analyst has identified a compromised device. Without leaving ES, what action could they take to run a sequence of containment activities on the compromised device that also updates the original finding?
- A. Run an event-level workflow action that initiates a SOAR playbook.
- B. Run a field-level workflow action that initiates a SOAR playbook.
- C. Run an alert action that initiates a SOAR playbook.
- D. Run an adaptive response action that initiates a SOAR playbook.
正解:D
質問 # 26
An analyst needs to create a new field at search time. Which Splunk command will dynamically extract additional fields as part of a Search pipeline?
- A. regex
- B. fields
- C. rex
- D. eval
正解:C
質問 # 27
What is the first phase of the Continuous Monitoring cycle?
- A. Assess and Evaluate
- B. Respond and Recover
- C. Monitor and Protect
- D. Define and Predict
正解:D
質問 # 28
The following list contains examples of Tactics, Techniques, and Procedures (TTPs):
1. Exploiting a remote service
2. Lateral movement
3. Use EternalBlue to exploit a remote SMB server
In which order are they listed below?
- A. Technique, Tactic, Procedure
- B. Tactic, Technique, Procedure
- C. Procedure, Technique, Tactic
- D. Tactic, Procedure, Technique
正解:B
質問 # 29
The field file_acl contains access controls associated with files affected by an event. In which data model would an analyst find this field?
- A. Vulnerabilities
- B. Endpoint
- C. Alerts
- D. Malware
正解:B
質問 # 30
An analyst is looking at Web Server logs, and sees the following entry as the last web request that a server processed before unexpectedly shutting down:
[51.125.121.100 - [28/01/2006:10:27:10 -0300] "POST /cgi-bin/shurdown/ HTTP/1.0" 200 3304] What kind of attack is most likely occurring?
- A. Cross-Site scripting attack.
- B. Denial of service attack.
- C. Database injection attack.
- D. Distributed denial of service attack.
正解:B
質問 # 31
An analyst is looking at Web Server logs, and sees the following entry as the last web request that a server processed before unexpectedly shutting down:
147.186.119.107 - - [28/Jul/2006:10:27:10 -0300] "POST /cgi-bin/shutdown/ HTTP/1.0" 200 3333 What kind of attack is most likely occurring?
- A. Cross-Site scripting attack.
- B. Denial of service attack.
- C. Database injection attack.
- D. Distributed denial of service attack.
正解:B
質問 # 32
A Risk Notable Event has been triggered in Splunk Enterprise Security, an analyst investigates the alert, and determines it is a false positive. What metric would be used to define the time between alert creation and close of the event?
- A. MTBF (Mean Time Between Failures)
- B. MTTA (Mean Time to Acknowledge)
- C. MTTD (Mean Time to Detect)
- D. MTTR (Mean Time to Respond)
正解:D
質問 # 33
Which of the following roles is commonly responsible for selecting and designing the infrastructure and tools that a security analyst utilizes to effectively complete their job duties?
- A. Security Engineer
- B. Threat Intelligence Analyst
- C. Security Architect
- D. SOC Manager
正解:C
質問 # 34
Which pre-packaged app delivers security content and detections on a regular, ongoing basis for Enterprise Security and SOAR?
- A. SSE
- B. ESCU
- C. Threat Hunting
- D. InfoSec
正解:B
質問 # 35
......
Splunk SPLK-5001 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
合格率 取得する秘訣はSPLK-5001認定試験エンジンPDF:https://www.goshiken.com/Splunk/SPLK-5001-mondaishu.html
今すぐ試そう!高評価Splunk SPLK-5001試験問題集:https://drive.google.com/open?id=1NNrM7qpF0Wy4ojoz_xP559l-t-olLFIf