Splunk
SPLK-5002 · Question #93
SPLK-5002 Question #93: Real Exam Question with Answer & Explanation
Question
A new playbook needs to be developed for automated phishing analysis and response. Configured in SOAR are integrations with Splunk Enterprise Security and actions from assets that pull in user-reported emails, perform automated threat analysis, add blocks on the proxy, and an EDR vendor to take various actions. Which would be the best workflow for the new playbook?
Options
- A. Ingest the email from the mail vendor
- B. Submit the user reported email from Splunk Enterprise Security
- C. Submit the email from Splunk Enterprise Security
- D. Ingest the email from the mail vendor