
Exam SPLK-5001 topic 1 question 19 discussion

Actual exam question from Splunk's SPLK-5001
Question #: 19
Topic #: 1

Splunk Enterprise Security has numerous frameworks to create correlations, integrate threat intelligence, and provide a workflow for investigations. Which framework raises the threat profile of individuals or assets to allow identification of people or devices that perform an unusual amount of suspicious activities?

  • A. Threat Intelligence Framework
  • B. Risk Framework
  • C. Notable Event Framework
  • D. Asset and Identity Framework
Suggested Answer: B

Comments

12la12
1 month ago
Selected Answer: D
The correct answer is: D. Asset and Identity Framework

Explanation: The Asset and Identity Framework is specifically designed to raise the threat profile of individuals (identities) or devices (assets) by correlating events with contextual information. It achieves this by:

  • Enriching raw events with metadata about assets (devices, servers) and identities (users, service accounts).
  • Aggregating suspicious activities tied to specific entities (e.g., repeated failed logins from a user or unusual data transfers from a server).
  • Providing contextual prioritization (e.g., flagging a high-risk activity if it involves a privileged account or a mission-critical server).
upvoted 1 times
nosavotor
6 months, 1 week ago
Wildcards are not efficient
upvoted 1 times
Community vote distribution:
  • A (35%)
  • C (25%)
  • B (20%)
  • Other