nerdexam

SPLK-5002 · Question #94

SPLK-5002 Question #94: Real Exam Question with Answer & Explanation

The correct answer is A. (src_ip IN (151.157.30.0/24, 26.06.18.0/24)). Splunk expands a macro by plain text substitution, and the calling search already places NOT in front of the macro call, so the macro must expand to the positive match of the company networks. The expanded search then reads index=firewall sourcetype=pan:traffic NOT (src_ip IN (151.157.30.0/24, 26.06.18.0/24)), which drops every event whose src_ip falls in either range.

Question

Which of the following macro values will exclude all of the company networks if it is called from the following search?

index=firewall sourcetype=pan:traffic NOT `company_networks`

Options

  • A. (src_ip IN (151.157.30.0/24, 26.06.18.0/24))
  • B. NOT (src_ip IN (151.157.30.0/24, 26.06.18.0/24))
  • C. NOT (src_ip=151.157.30.0/24 AND src_ip=26.06.18.0/24)
  • D. (src_ip=151.157.30.0/24 AND src_ip=26.06.18.0/24)

Explanation

A macro call (`company_networks`, in backticks) is replaced textually by the macro's definition before the search runs, so the NOT in the calling search combines with whatever the macro contains:

  • A expands to NOT (src_ip IN (151.157.30.0/24, 26.06.18.0/24)). IN is shorthand for an OR of the listed values, and comparing an IP field against a CIDR value is a subnet match in the search command, so this excludes every event from either company network. Correct.
  • B expands to NOT NOT (src_ip IN (...)). The two negations cancel, leaving a search that returns only company-network traffic, the opposite of what was asked.
  • C and D test src_ip=151.157.30.0/24 AND src_ip=26.06.18.0/24. A single src_ip cannot lie in two disjoint /24 networks, so the AND is never true: D (expanding to NOT (... AND ...)) excludes nothing, and C (expanding to NOT NOT (... AND ...)) returns nothing.

When a macro is meant to be called after NOT, define it as the positive condition and keep the negation in the calling search; putting NOT inside the macro invites exactly this double negation.
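As an added illustration (not part of the original question and not Splunk code), the following Python script models the textual macro expansion and evaluates each option's expanded filter against a few constructed pan:traffic events, showing that option A drops the company-network traffic while option B keeps only it. Assumptions: the purpose-built evaluator handles only the two expression shapes that appear in the options, treats NOT NOT as Boolean double negation, and normalises the leading zero in 26.06.18.0/24 because Python's ipaddress module rejects it.

```python
"""Model of Splunk macro expansion for the `company_networks` question.

Added example, not Splunk code: Splunk substitutes the macro text and parses
the result with its own search parser; a small evaluator stands in for that
parser here, covering only the expression shapes used in options A-D.
"""
import ipaddress
import re

# The calling search from the question; the macro is invoked in backticks.
CALLING_SEARCH = "index=firewall sourcetype=pan:traffic NOT `company_networks`"

# The four candidate macro definitions, verbatim from the options.
OPTIONS = {
    "A": "(src_ip IN (151.157.30.0/24, 26.06.18.0/24))",
    "B": "NOT (src_ip IN (151.157.30.0/24, 26.06.18.0/24))",
    "C": "NOT (src_ip=151.157.30.0/24 AND src_ip=26.06.18.0/24)",
    "D": "(src_ip=151.157.30.0/24 AND src_ip=26.06.18.0/24)",
}

# Constructed sample events: two from company networks, two from outside.
EVENTS = [
    {"src_ip": "151.157.30.17", "dest_ip": "8.8.8.8"},
    {"src_ip": "26.6.18.200", "dest_ip": "1.1.1.1"},
    {"src_ip": "203.0.113.9", "dest_ip": "151.157.30.5"},
    {"src_ip": "198.51.100.44", "dest_ip": "26.6.18.1"},
]


def expand_macro(search, name, definition):
    """Macro expansion is plain text substitution of `name` by its definition."""
    return search.replace(f"`{name}`", definition)


def _network(cidr):
    """Parse a CIDR. Octets are normalised because the question writes
    26.06.18.0/24 and Python's ipaddress rejects leading zeros (assumption:
    the intended network is 26.6.18.0/24)."""
    addr, plen = cidr.split("/")
    addr = ".".join(str(int(octet)) for octet in addr.split("."))
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def matches(filter_expr, src_ip):
    """Evaluate the src_ip part of an expanded search for one event.

    Supports only what the options produce: any run of leading NOTs, then
    either an IN list (an OR of CIDR matches) or an AND of CIDR equalities.
    NOT NOT is treated as Boolean double negation (assumption).
    """
    expr = filter_expr.strip()
    negations = 0
    while expr.upper().startswith("NOT "):
        negations += 1
        expr = expr[4:].strip()
    ip = ipaddress.ip_address(src_ip)
    cidrs = re.findall(r"\d+\.\d+\.\d+\.\d+/\d+", expr)
    if " IN " in expr.upper():
        hit = any(ip in _network(c) for c in cidrs)
    elif " AND " in expr.upper():
        hit = all(ip in _network(c) for c in cidrs)
    else:
        raise ValueError(f"unsupported filter shape: {expr}")
    return hit if negations % 2 == 0 else not hit


def kept_sources(option, events=EVENTS):
    """Expand one option into the calling search and return the src_ip values
    that survive the resulting filter."""
    expanded = expand_macro(CALLING_SEARCH, "company_networks", OPTIONS[option])
    filter_expr = expanded.split("sourcetype=pan:traffic", 1)[1]
    return [e["src_ip"] for e in events if matches(filter_expr, e["src_ip"])]


if __name__ == "__main__":
    for letter in OPTIONS:
        print(letter, expand_macro(CALLING_SEARCH, "company_networks", OPTIONS[letter]))
        print("   kept:", kept_sources(letter))
```

Running the script prints each expanded search next to the source addresses it keeps: A keeps only the two external addresses, B keeps only the two company addresses, C keeps nothing and D keeps everything. The same check can be made in Splunk itself by expanding the macro in the search bar (Ctrl+Shift+E) and reading the resulting SPL before running it.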
