Free Splunk Certified Cybersecurity Defense Analyst Exam SPLK-5001 Exam Practice Test

Which of the following is considered Personal Data under GDPR?

• The birth date of an unidentified user.
• An individual's address including their first and last name.
• The name of a deceased individual.
• A company's registration number.

According to Splunk CIM documentation, which field in the Authentication Data Model represents the user who initiated a privilege escalation?

• username
• src_user_id
• src_user
• dest_user

What is the main difference between a DDoS and a DoS attack?

• A DDoS attack is a type of physical attack, while a DoS attack is a type of cyberattack.
• A DDoS attack uses a single source to target a single system, while a DoS attack uses multiple sources to target multiple systems.
• A DDoS attack uses multiple sources to target a single system, while a DoS attack uses a single source to target a single or multiple systems.
• A DDoS attack uses a single source to target multiple systems, while a DoS attack uses multiple sources to target a single system.

Which pre-packaged app delivers security content and detections on a regular, ongoing basis for Enterprise Security and SOAR?

• SSE
• ESCU
• Threat Hunting
• InfoSec

Which of the following Splunk Enterprise Security features allows industry frameworks such as CIS Critical Security Controls, MITRE ATT&CK, and the Lockheed Martin Cyber Kill Chain® to be mapped to Correlation Search results?

• Annotations
• Playbooks
• Comments
• Enrichments

How are Notable Events configured in Splunk Enterprise Security?

• During an investigation.
• As part of an audit.
• Via an Adaptive Response Action in a regular search.
• Via an Adaptive Response Action in a correlation search.

A Cyber Threat Intelligence (CTI) team delivers a briefing to the CISO detailing their view of the threat landscape the organization faces. This is an example of what type of Threat Intelligence?

• Tactical
• Strategic
• Operational
• Executive

Which of the following is not considered an Indicator of Compromise (IOC)?

• A specific domain that is utilized for phishing.
• A specific IP address used in a cyberattack.
• A specific file hash of a malicious executable.
• A specific password for a compromised account.

In which phase of the Continuous Monitoring cycle are suggestions and improvements typically made?

• Define and Predict
• Establish and Architect
• Analyze and Report
• Implement and Collect

An analyst would like to test how certain Splunk SPL commands work against a small set of data. What command should start the search pipeline if they wanted to create their own data instead of utilizing data contained within Splunk?

• makeresults
• rename
• eval
• stats