What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?

What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?
A. Host-based firewall
B. Web proxy
C. Endpoint Detection and Response
D. Intrusion Detection System
Answer: D

February 21, 2025

In which phase of the Continuous Monitoring cycle are suggestions and improvements typically made?

In which phase of the Continuous Monitoring cycle are suggestions and improvements typically made?
A. Define and Predict
B. Establish and Architect
C. Analyze and Report
D. Implement and Collect
Answer: C

February 16, 2025

According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?

According to David Bianco's Pyramid of Pain, which indicator type is least effective when used in continuous monitoring?
A. Domain names
B. TTPs
C. Network/host artifacts
D. Hash values
Answer: D

February 8, 2025

Why should this be investigated further?

During their shift, an analyst receives an alert about an executable being run from C:\Windows\Temp. Why should this be investigated further?
A. Temp directories aren't owned by any particular user, making it difficult to track the process owner when files are executed.
B. Temp directories are flagged as non-executable, meaning...

February 4, 2025

What type of threat actor activity might this represent?

An analyst notices that one of their servers is sending an unusually large amount of traffic, gigabytes more than normal, to a single system on the Internet. There doesn't seem to be any associated increase in incoming traffic. What type of threat actor activity might this represent?
A. Data exfiltration
B...

February 2, 2025

What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?

What device typically sits at a network perimeter to detect command and control and other potentially suspicious traffic?
A. Host-based firewall
B. Web proxy
C. Endpoint Detection and Response
D. Intrusion Detection System
Answer: D

January 30, 2025