Splunk
SPLK-5002 · Question #28
SPLK-5002 Question #28: Real Exam Question with Answer & Explanation
Sign in or unlock SPLK-5002 to reveal the answer and full explanation for question #28. The question stem and answer options stay visible for context.
Question
Which of the following should an engineer do as they evaluate their Threat Detection and Incident Response lifecycle?
Options
- AEvaluate the threat process lifecycle based on contextual business and industry knowledge.
- BUse the MITRE ATT&CK® framework to evaluate the organization's risk appetite.
- CFocus efforts on the least impactful threat vectors.
- DEvaluate the threat process lifecycle based on profit margins and MTTR.
Unlock SPLK-5002 to see the answer
You've previewed enough free SPLK-5002 questions. Unlock SPLK-5002 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.