Practice Free SPLK-5002 Exam Online Questions
What are the essential components of risk-based detections in Splunk?
- A. Risk modifiers, risk objects, and risk scores
- B. Summary indexing, tags, and event types
- C. Alerts, notifications, and priority levels
- D. Source types, correlation searches, and asset groups

Which REST API actions can Splunk perform to optimize automation workflows? (Choose two)
- A. POST for creating new data entries
- B. DELETE for archiving historical data
- C. GET for retrieving search results
- D. PUT for updating index configurations

A company wants to implement risk-based detection for privileged account activities. What should they configure first?
- A. Asset and identity information for privileged accounts
- B. Correlation searches with low thresholds
- C. Event sampling for raw data
- D. Automated dashboards for all accounts

What methods improve risk and detection prioritization? (Choose three)
- A. Assigning risk scores to assets and events
- B. Using predefined alert templates
- C. Incorporating business context into decisions
- D. Automating detection tuning
- E. Enforcing strict search head resource limits

What is the primary purpose of correlation searches in Splunk?
- A. To extract and index raw data
- B. To identify patterns and relationships between multiple data sources
- C. To create dashboards for real-time monitoring
- D. To store pre-aggregated search results

Which Splunk feature helps in tracking and documenting threat trends over time?
- A. Event sampling
- B. Risk-based dashboards
- C. Summary indexing
- D. Data model acceleration

What is the main benefit of automating case management workflows in Splunk?
- A. Eliminating the need for manual alerts
- B. Enabling dynamic storage allocation
- C. Reducing response times and improving analyst productivity
- D. Minimizing the use of correlation searches

A security engineer is tasked with improving threat intelligence sharing within the company. What is the most effective first step?
- A. Implement a real-time threat feed integration.
- B. Restrict access to external threat intelligence sources.
- C. Share raw threat data with all employees.
- D. Use threat intelligence only for executive reporting.

Which elements are critical for documenting security processes? (Choose two)
- A. Detailed event logs
- B. Visual workflow diagrams
- C. Incident response playbooks
- D. Customer satisfaction surveys

An engineer observes a delay in data being indexed from a remote location. The universal forwarder is configured correctly. What should they check next?
- A. Review forwarder logs for queue blockages.
- B. Increase the indexer memory allocation.
- C. Optimize search head clustering.
- D. Reconfigure the props.conf file.