Splunk

SPLK-5001 · Question #99

SPLK-5001 Question #99: Real Exam Question with Answer & Explanation

The correct answer is D. A baseline.. In threat hunting, a “baseline” refers to a model of normal activity against which you compare current observations to identify significant deviations.

Question

A threat hunter creates a model of normal, expected activity on a portion of their network. Later, they compare observed activity against this model, looking for significant deviations. What is another name for this model?

Options

AA cluster.
BA time series.
CA data model.
DA baseline.

Explanation

In threat hunting, a “baseline” refers to a model of normal activity against which you compare current observations to identify significant deviations.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion

Full SPLK-5001 Practice