

SPLK-5002 Question #16: Real Exam Question with Answer & Explanation

The correct answer is D: Use a SOAR playbook to handle the Splunk Attack Analyzer submission and data collection.

Question

A SOC's Incident Response Standard Operating Procedure (SOP) calls for any phishing emails containing files to be detonated in Splunk Attack Analyzer for evaluation. Which of the following can an engineer implement to gain efficiency through automation?

Options

  • A. Automatically send all findings containing the tag "phishing" to create an email notification for the
  • B. Use a SOAR playbook to submit the email to PhishTank, which will automatically handle the
  • C. Automatically assign findings containing the tag "phishing" to analysts to speed up the start of
  • D. Use a SOAR playbook to handle the Splunk Attack Analyzer submission and data collection

Explanation

The most efficient approach is to use a SOAR playbook to automatically handle the Splunk Attack Analyzer submission and data collection steps, then present the results to the assigned analyst. This reduces manual effort, accelerates phishing investigation workflows, and aligns directly with

