Practice Free SPLK-5002 Exam Online Questions
Question #21
Which action improves the effectiveness of notable events in Enterprise Security?
- A. Applying suppression rules for false positives
- B. Disabling scheduled searches
- C. Using only raw log data in searches
- D. Limiting the search scope to one index
Correct Answer: A
Question #22
Which report type is most suitable for monitoring the success of a phishing campaign detection program?
- A. Weekly incident trend reports
- B. Real-time notable event dashboards
- C. Risk score-based summary reports
- D. SLA compliance reports
Correct Answer: A
Question #23
A security team notices delays in responding to phishing emails due to manual investigation processes.
How can Splunk SOAR improve this workflow?
- A. By prioritizing phishing cases manually
- B. By automating email triage and analysis with playbooks
- C. By assigning cases to analysts in real-time
- D. By increasing the indexing frequency of email logs
Correct Answer: B
Question #24
What methods improve the efficiency of Splunk’s automation capabilities? (Choose three)
- A. Using modular inputs
- B. Optimizing correlation search queries
- C. Leveraging saved search acceleration
- D. Implementing low-latency indexing
- E. Employing prebuilt SOAR playbooks
Correct Answer: ACE
Question #25
What are critical elements of an effective incident report? (Choose three)
- A. Timeline of events
- B. Financial implications of the incident
- C. Steps taken to resolve the issue
- D. Names of all employees involved
- E. Recommendations for future prevention
Correct Answer: ACE