SPLK-5002 Question #47: Real Exam Question with Answer & Explanation

The correct answer is C. As defined by the established detection lifecycle.

Question

When should a detection be reviewed or retuned after deployment?

Options

  • A. Every 30 days.
  • B. Only if it has generated a large amount of false positives.
  • C. As defined by the established detection lifecycle.
  • D. Only if it hasn't generated a finding after several weeks.

Explanation

A detection should be reviewed or retuned as defined by the established detection lifecycle (DDLC). This ensures detections are consistently evaluated for accuracy, effectiveness, and alignment with evolving threats, rather than only reacting to false positives or inactivity.
