Which of the following is not considered an Indicator of Compromise (IOC)?
#61
Answer: D
According to Splunk CIM documentation, which field in the Authentication Data Model represents the user who initiated a privilege escalation?
#62
Answer: C
The following list contains examples of Tactics, Techniques, and Procedures (TTPs):
1. Exploiting a remote service
2. Lateral movement
3. Use EternalBlue to exploit a remote SMB server
In which order are they listed below?
#63
Answer: A
An analyst is attempting to investigate a Notable Event within Enterprise Security. Through the course of their investigation they determined that the logs and artifacts needed to investigate the alert are not available. What event disposition should the analyst assign to the Notable Event?
#64
Answer: D
An analyst is looking at Web Server logs, and sees the following entry as the last web request that a server processed before unexpectedly shutting down:
147.186.119.107 - - [28/Jul/2006:10:27:10 -0300] "POST /cgi-bin/shutdown/ HTTP/1.0" 200 3333
What kind of attack is most likely occurring?
#65
Answer: B
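Added example, not part of the question set: a small Python parser for Apache Common Log Format entries like the one in the question, with a check that surfaces what makes the last request worth an analyst's attention (a body-carrying POST to a server-side script under /cgi-bin/ whose path names an administrative action, accepted with HTTP 200). The two extra log lines are constructed for contrast, and the keyword and path rules are assumptions chosen for illustration, not Splunk or Apache logic.

```python
import re
from collections import Counter
from datetime import datetime
from typing import Optional

# Constructed sample log in Apache Common Log Format. The last line is the
# entry quoted in the question; the first two are ordinary traffic for contrast.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Jul/2006:10:26:58 -0300] "GET /index.html HTTP/1.0" 200 5120
10.0.0.7 - - [28/Jul/2006:10:27:03 -0300] "GET /images/logo.png HTTP/1.0" 304 0
147.186.119.107 - - [28/Jul/2006:10:27:10 -0300] "POST /cgi-bin/shutdown/ HTTP/1.0" 200 3333
"""

# Common Log Format: host ident authuser [timestamp] "method path proto" status bytes
CLF_RE = re.compile(
    r'^(?P<src>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Assumed keyword list for paths that name an administrative action.
ADMIN_KEYWORDS = ("shutdown", "reboot", "restart", "halt")


def parse_clf(line: str) -> Optional[dict]:
    """Parse one CLF line into a dict; return None for lines that do not match."""
    m = CLF_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["timestamp"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def suspicious_reasons(rec: dict) -> list:
    """Return the reasons (assumed rules) a parsed request deserves a closer look."""
    reasons = []
    path = rec["path"].lower()
    if path.startswith("/cgi-bin/"):
        reasons.append("request targets a server-side script under /cgi-bin/")
        if rec["method"] in ("POST", "PUT"):
            reasons.append("request carries a body to that script")
    if any(k in path for k in ADMIN_KEYWORDS):
        reasons.append("path names an administrative action")
    if reasons and rec["status"] == 200:
        reasons.append("server accepted the request (HTTP 200)")
    return reasons


def last_request_before_outage(log_text: str) -> dict:
    """Find the latest request in the log and explain why it looks suspicious."""
    records = [r for r in (parse_clf(l) for l in log_text.splitlines()) if r]
    last = max(records, key=lambda r: r["timestamp"])
    # How often has this source appeared? A first-seen source issuing the
    # final request is another data point for the analyst.
    seen = Counter(r["src"] for r in records)
    return {
        "src": last["src"],
        "method": last["method"],
        "path": last["path"],
        "status": last["status"],
        "requests_from_src": seen[last["src"]],
        "reasons": suspicious_reasons(last),
    }


if __name__ == "__main__":
    for k, v in last_request_before_outage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

The parser deliberately rejects lines that do not match the format rather than guessing, so a truncated final entry (common when a server dies mid-write) is reported as unparsed instead of producing a half-filled record.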
Which of the Enterprise Security frameworks provides additional automatic context and correlation to fields that exist within raw data?
#66
Answer: A
A user wants to view only the use cases for which the Splunk instance has all of the supporting source types to implement. In Splunk Security Essentials, what operation needs to happen first?
#67
Answer: A
Enterprise Security has been configured to generate a Notable Event when a user has quickly authenticated from multiple locations between which travel would be impossible. This would be considered what kind of an anomaly?
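Added example, not part of the question set and not Enterprise Security's own correlation search: a Python implementation of the impossible-travel check the question describes. It groups authentication events per user, computes the great-circle distance between consecutive login locations, and flags a pair when the speed a single person would need to cover that distance in the elapsed time exceeds a threshold. The sample events, their coordinates (ES would normally derive these from the source IP via iplocation) and the 900 km/h threshold are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0

# Assumed threshold: faster than an airliner, so one person cannot have done
# both logins. Enterprise Security uses its own configurable threshold.
MAX_PLAUSIBLE_KMH = 900.0


@dataclass
class AuthEvent:
    user: str
    time: datetime
    src: str      # source IP as a string
    lat: float    # geolocation of src (assumed already resolved)
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def required_speed_kmh(a: AuthEvent, b: AuthEvent) -> float:
    """Speed one person would need to be at both locations at both times."""
    dist = haversine_km(a.lat, a.lon, b.lat, b.lon)
    hours = abs((b.time - a.time).total_seconds()) / 3600.0
    if hours == 0.0:
        # Simultaneous logins from different places are the extreme case.
        return float("inf") if dist > 0 else 0.0
    return dist / hours


def find_impossible_travel(events, max_kmh: float = MAX_PLAUSIBLE_KMH) -> list:
    """Return one finding per consecutive login pair that exceeds max_kmh."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.time)
        for prev, cur in zip(evs, evs[1:]):
            speed = required_speed_kmh(prev, cur)
            if speed > max_kmh:
                findings.append({
                    "user": user,
                    "from": prev.src,
                    "to": cur.src,
                    "minutes_apart": round((cur.time - prev.time).total_seconds() / 60),
                    "distance_km": round(haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)),
                    "speed_kmh": round(speed, 1),
                })
    return findings


# Constructed sample events. alice: New York then London 45 minutes later
# (impossible). bob: Chicago then Detroit three hours later (plausible).
SAMPLE_EVENTS = [
    AuthEvent("alice", datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc), "203.0.113.10", 40.7128, -74.0060),
    AuthEvent("alice", datetime(2024, 5, 1, 10, 45, tzinfo=timezone.utc), "198.51.100.22", 51.5074, -0.1278),
    AuthEvent("bob", datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc), "192.0.2.5", 41.8781, -87.6298),
    AuthEvent("bob", datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc), "192.0.2.77", 42.3314, -83.0458),
]

if __name__ == "__main__":
    for f in find_impossible_travel(SAMPLE_EVENTS):
        print(f)
```

The check compares only consecutive logins per user, which is what keeps it cheap at scale; the usual sources of false positives are VPN egress points and mobile carrier NAT, where the geolocated IP moves even though the person does not, so in practice the threshold is tuned and known VPN ranges are allowlisted before the anomaly is promoted to a Notable Event.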