Splunk
SPLK-5002 · Question #80
SPLK-5002 Question #80: Real Exam Question with Answer & Explanation
Question
The SOC notices over the course of an investigation there are numerous logs like the following:

14-Apr-2024 20:16:49.083 client 15.111.116.918*18345 UDP: query: reallybad.c2.com IN A response: SERVFAIL +E

What detection should be created to alert on this behavior for the future?
Options
- A. Excessive Endpoint Failures
- B. Excessive Network Failures
- C. Excessive Authentication Failures
- D. Excessive DNS Failures