SPLK-5002 Exam Questions

Which field in the risk index is used to describe the activity within a finding?

Which REST call will show a list of alerts with their specific commands, app, and title?

A Splunk administrator needs to integrate a third-party vulnerability management tool to automate remediation workflows. What is the most efficient first step?

Which sourcetype configurations affect data ingestion? (Choose three)

What is a key feature of effective security reports for stakeholders?

Which Splunk feature enables integration with third-party tools for automated response actions?

Which action improves the effectiveness of notable events in Enterprise Security?

What field is used by default to direct data into CIM data model datasets?

An engineer receives a report that the "Traffic over time by action" dashboard is not populating. It has been confirmed that the relevant logs are being ingested properly and they...

What should a security engineer prioritize when building a new security process?

Which features of Splunk are crucial for tuning correlation searches? (Choose three)

A security analyst wants to validate whether a newly deployed SOAR playbook is performing as expected. What steps should they take?

What are the benefits of incorporating asset and identity information into correlation searches? (Choose two)

A company wants to implement risk-based detection for privileged account activities. What should they configure first?

In which threat intelligence KV store would a list of malicious domains (FQDNs) be stored?

When building a metrics dashboard for the SOC manager, which metric would represent how long it takes to fully complete an investigation?

During a ransomware attack, an adversary might add a default user and password in registry, modify the wallpaper, and create bulk ransomware notes across multiple machines. What is...