Splunk
SPLK-5001 · Question #66
SPLK-5001 Question #66: Real Exam Question with Answer & Explanation
Question
A threat hunter executed a hunt based on the following hypothesis: As an actor, I want to plant rundll32 for proxy execution of malicious code and leverage Cobalt Strike for Command and Control. Relevant logs and artifacts such as Sysmon, netflow, IDS alerts, and EDR logs were searched, and the hunter is confident in the conclusion that Cobalt Strike is not present in the company's environment. Which of the following best describes the outcome of this threat hunt?
Options
- A. The threat hunt was successful because the hypothesis was not proven.
- B. The threat hunt failed because the hypothesis was not proven.
- C. The threat hunt failed because no malicious activity was identified.
- D. The threat hunt was successful in providing strong evidence that the tactic and tool are not present.