Splunk
SPLK-5002 · Question #78
SPLK-5002 Question #78: Real Exam Question with Answer & Explanation
Sign in or unlock SPLK-5002 to reveal the answer and full explanation for question #78. The question stem and answer options stay visible for context.
Question
An engineer needs to create a new report capturing the vendors and products that detect a particular CVE in their environment. How can they ensure that their search associated with the report only includes accelerated data?
Options
- ASearch for the vendor_product within the Vulnerabilities data model, using the | tstats command.
- BSearch for the cve within the Vulnerabilities data model, using | tstats grouped by vendor_product
- CSearch for the vendor_product within the Updates data model, using the | tstats command.
- DSearch for the vendor_product within the Updates data model, using | tstats grouped by eve with
Unlock SPLK-5002 to see the answer
You've previewed enough free SPLK-5002 questions. Unlock SPLK-5002 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.