Free Splunk SPLK-5001 Exam Actual Questions

The questions for SPLK-5001 were last updated on Nov 7, 2024

Question No. 1

Upon investigating a report of a web server becoming unavailable, the security analyst finds that the web server's access log has the same log entry millions of times:

147.186.119.200 - - [28/Jul/2023:12:04:13 -0300] "GET /login/ HTTP/1.0" 200 3733

What kind of attack is occurring?

Correct Answer: B

Question No. 2

Which of the following is the primary benefit of using the CIM in Splunk?

Correct Answer: A

Question No. 3

Which of the following use cases is best suited to be a Splunk SOAR Playbook?

A. Forming hypothesis for Threat Hunting

Correct Answer: D

Question No. 4

Which of the following is not a component of the Splunk Security Content library (ESCU, SSE)?

Correct Answer: D

Question No. 5

During their shift, an analyst receives an alert about an executable being run from C:\Windows\Temp. Why should this be investigated further?

Correct Answer: D