ExamTopics Logo
Mail Us[email protected]
Menu
Splunk Discussions
exam questions

Exam SPLK-5001 All Questions

View all questions & answers for the SPLK-5001 exam
Go to Exam

Exam SPLK-5001 topic 1 question 31 discussion

Actual exam question from Splunk's SPLK-5001
Question #: 31
Topic #: 1
[All SPLK-5001 Questions]

An analyst is investigating a network alert for suspected lateral movement from one Windows host to another Windows host. According to Splunk CIM documentation, the IP address of the host from which the attacker is moving would be in which field?

  • A. host
  • B. dest
  • C. src_nt_host
  • D. src_ip
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by nosavotor at Sept. 26, 2024, 9:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
supremesplunker
1 week, 6 days ago
Selected Answer: D
It has to be D because host is for Splunk audit logs. dest, obviously not. src_nt_host is for network sessions (DHCP and VPN traffic), so by getting rid of all the options, must be D.
upvoted 1 times
...
nosavotor
3 months, 4 weeks ago
Im not sure how to respond to that
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago