The United States Department of Defense (DoD) requires all government contractors to provide adequate security safeguards referenced in National Institute of Standards and Technology (NIST) 800-171. All DoD contractors must continually reassess, monitor, and track compliance to be able to do business with the US government.
Which feature of Splunk Enterprise Security provides an analyst context for the correlation search mapping to the specific NIST guidelines?
A. Annotations
B. Framework mapping
C. Comments
D. Moles
正解:B
質問 2:
An analyst discovers she has only raw data from a source. She believes that it could be of great value to future analysis efforts if it were available to existing correlation searches and reports.
What process should the analyst suggest be performed for that source?
A. Asset and Identity evaluation via Splunk Enterprise Security.
B. Data ingestion via Splunk Security Essentials.
C. Common Information Model normalization via a Splunk Add-On.
D. Data ingest evaluation via Splunk Enterprise.
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Which of the following data sources would be most useful to determine if a user visited a recently identified malicious website?
A. Web Proxy Logs
B. Web Server Logs
C. Intrusion Detection Logs
D. Active Directory Logs
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?
A. NetworM-lost artifacts
B. Domain names
C. TTPs
D. Hash values
正解:D
質問 5:
Tactics, Techniques, and Procedures (TTPs) are methods or behaviors utilized by attackers. In which framework are these categorized?
A. MITRE ATT&CK
B. NIST 800-53
C. ISO 27000
D. CIS18
正解:A
質問 6:
Which of the following Splunk terms describes a group of standard field names and values that categorize data in a way that makes it easier to work with, especially when dealing with multiple data sources?
A. Field model
B. Standard model
C. Threat model
D. Data model
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
969 お客様のコメント





保谷** -
本当に助けになりました。これを使ってSPLK-5001不合格になるわけがないよ