SPLK-5001 Question #29: Real Exam Question with Answer & Explanation
The correct answer is A, Least Frequency of Occurrence Analysis. The hunter counts how often each value (here, a user name) appears in the data, discards the common values, and investigates only the rarest ones; that is the definition of least-frequency-of-occurrence (long-tail) analysis. Co-occurrence analysis (B) would look at which values appear together, and time series analysis (C) at how activity changes over time; neither matches filtering on a per-user count. Option D is a distractor.
Question
A threat hunter generates a report containing the list of users who have logged in to a particular database during the last 6 months, along with the number of times each has authenticated. They sort this list and remove any user names that have logged in more than 6 times. The remaining names represent the users who rarely log in, whose activity is therefore considered more suspicious. The hunter examines each of these rare logins in detail. This is an example of what type of threat-hunting technique?
Options
- A. Least Frequency of Occurrence Analysis
- B. Co-Occurrence Analysis
- C. Time Series Analysis
- D. Outlier Frequency Analysis
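The procedure the question describes, written out as an added example that is not part of the original exam page: count successful logins per user to one database inside a six-month window, drop every user seen more than 6 times, and return the rest rarest-first. The audit-event layout, the field names (db, user, action, result) and the index/sourcetype in the SPL comment are assumptions made for this example; the sample events are constructed, not real data.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
import re

# Equivalent Splunk search (index, sourcetype and field names are assumed):
#   index=db_audit sourcetype=db:audit db=payroll action=login result=success earliest=-6mon
#   | stats count by user | where count <= 6 | sort count

# Assumed key=value audit format: "<ISO-8601 ts> db=<name> user=<name> action=<verb> result=<status>"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) db=(?P<db>\S+) user=(?P<user>\S+) action=(?P<action>\S+) result=(?P<result>\S+)$"
)

# Fixed "now" so the six-month window is reproducible.
REFERENCE_NOW = datetime(2024, 2, 1, tzinfo=timezone.utc)


def make_sample_events():
    """Constructed sample events (not real data): a few frequent users, a few rare ones,
    plus edge cases that must NOT be counted (failed login, other database, outside window)."""
    events = []
    per_user = [("alice", 12), ("bob", 8), ("dave", 7), ("eve", 6), ("carol", 2), ("svc_backup", 1)]
    for user, n in per_user:
        for i in range(n):
            ts = f"2023-{9 + i % 4:02d}-{1 + i:02d}T08:00:00Z"  # Sep-Dec 2023, inside the window
            events.append(f"{ts} db=payroll user={user} action=login result=success")
    events.append("2024-01-20T09:00:00Z db=payroll user=carol action=login result=failure")    # failed login
    events.append("2024-01-21T09:00:00Z db=inventory user=mallory action=login result=success")  # other database
    events.append("2023-01-05T09:00:00Z db=payroll user=frank action=login result=success")     # older than 6 months
    return events


def count_logins(events, database, now, window=timedelta(days=182)):
    """Count successful logins per user to `database` within the trailing window (stats count by user)."""
    cutoff = now - window
    counts = Counter()
    for line in events:
        m = EVENT_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than miscount
        f = m.groupdict()
        ts = datetime.fromisoformat(f["ts"].replace("Z", "+00:00"))
        if ts < cutoff or f["db"] != database or f["action"] != "login" or f["result"] != "success":
            continue
        counts[f["user"]] += 1
    return counts


def least_frequent(counts, max_count=6):
    """Least-frequency-of-occurrence step: keep only values seen max_count times or fewer,
    rarest first (where count <= 6 | sort count). Ties are broken by name for stable output."""
    return sorted(((u, c) for u, c in counts.items() if c <= max_count), key=lambda uc: (uc[1], uc[0]))


def rare_payroll_logins():
    """End-to-end run over the constructed sample: the hunter's list of rare logins to review."""
    return least_frequent(count_logins(make_sample_events(), "payroll", REFERENCE_NOW))


if __name__ == "__main__":
    for user, n in rare_payroll_logins():
        print(f"{user:12} {n}")
```

Note the boundary handling: a user with exactly 6 logins is kept (the question removes only those with more than 6), the failed login for carol does not raise her count, and events for another database or outside the window are never counted. In production the threshold is a judgment call; a service account that logs in once a month is normal, so the rare list is a review queue, not an alert.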