
Splunk Certified Cybersecurity Defense Engineer - SPLK-5002 Exam Questions
QUESTION NO: 1
Which fields are used to determine asset priority, when priority is assigned through an asset and identity lookup?
Correct Answer: A
QUESTION NO: 2
When developing security metrics, why would a Key Performance Indicator (KPI) that focuses on total perimeter firewall blocks be an ineffective metric?
Correct Answer: B
QUESTION NO: 3
Which sourcetype configurations affect data ingestion? (Choose three)
Correct Answer: B,C,D
QUESTION NO: 4
In the context of Splunk's Common Information Model (CIM), which constraint ensures that events from different data sources appear in the applicable data model?
Correct Answer: A
QUESTION NO: 5
The following SPL is designed to report on a certain SOC metric. Which metric is the most likely topic for this report?


Correct Answer: D
QUESTION NO: 6
A detection engineer is using a threat-informed defense strategy to define use cases. Which Splunk app would best facilitate their use case development process by cross-referencing detections with the MITRE ATT&CK Framework?
Correct Answer: B