SPLK-5002 시험 - Splunk실제시험문제와 답 - 85문항

Question No : 1

What are the key components of Splunk’s indexing process? (Choose three)

A.Parsing
B.Searching
C.Indexing
D.Alerting
E.Input phase

정답:

Question No : 2

What is the main purpose of incorporating threat intelligence into a security program?

A.To automate response workflows
B.To proactively identify and mitigate potential threats
C.To generate incident reports for stakeholders
D.To archive historical events for compliance

정답:

Question No : 3

How can you ensure that a specific sourcetype is assigned during data ingestion?

A.Use props.conf to specify the sourcetype.
B.Define the sourcetype in the search head.
C.Configure the sourcetype in the deployment server.
D.Use REST API calls to tag sourcetypes dynamically.

정답:

Question No : 4

A cybersecurity engineer notices a delay in retrieving indexed data during a security incident investigation. The Splunk environment has multiple indexers but only one search head.
Which approach can resolve this issue?

A.Increase search head memory allocation.
B.Optimize search queries to use tstats instead of raw searches.
C.Configure a search head cluster to distribute search queries.
D.Implement accelerated data models for faster querying.

정답:

Question No : 5

What Splunk process ensures that duplicate data is not indexed?

A.Data deduplication
B.Metadata tagging
C.Indexer clustering
D.Event parsing

정답:

Question No : 6

What is the primary function of a Lean Six Sigma methodology in a security program?

A.Automating detection workflows
B.Optimizing processes for efficiency and effectiveness
C.Monitoring the performance of detection searches
D.Enhancing user activity logs

정답:

Question No : 7

Which REST API method is used to retrieve data from a Splunk index?

A.POST
B.GET
C.PUT
D.DELETE

정답:

Question No : 8

What elements are critical for developing meaningful security metrics? (Choose three)

A.Relevance to business objectives
B.Regular data validation
C.Visual representation through dashboards
D.Avoiding integration with third-party tools
E.Consistent definitions for key terms

정답:

Question No : 9

What is a key advantage of using SOAR playbooks in Splunk?

A.Manually running searches across multiple indexes
B.Automating repetitive security tasks and processes
C.Improving dashboard visualization capabilities
D.Enhancing data retention policies

정답:

Question No : 10

Which elements are critical for documenting security processes? (Choose two)

A.Detailed event logs
B.Visual workflow diagrams
C.Incident response playbooks
D.Customer satisfaction surveys

정답:

Question No : 11

Which Splunk configuration ensures events are parsed and indexed only once for optimal storage?

A.Summary indexing
B.Universal forwarder
C.Index time transformations
D.Search head clustering

정답:

Question No : 12

A company’s Splunk setup processes logs from multiple sources with inconsistent field naming conventions.
How should the engineer ensure uniformity across data for better analysis?

A.Create field extraction rules at search time.
B.Use data model acceleration for real-time searches.
C.Apply Common Information Model (CIM) data models for normalization.
D.Configure index-time data transformations.

정답:

Question No : 13

What is the main purpose of Splunk's Common Information Model (CIM)?

A.To extract fields from raw events
B.To normalize data for correlation and searches
C.To compress data during indexing
D.To create accelerated reports

정답:

Question No : 14

Which REST API actions can Splunk perform to optimize automation workflows? (Choose two)

A.POST for creating new data entries
B.DELETE for archiving historical data
C.GET for retrieving search results
D.PUT for updating index configurations

정답:

Question No : 15

Which actions can optimize case management in Splunk? (Choose two)

A.Standardizing ticket creation workflows
B.Increasing the indexing frequency
C.Integrating Splunk with ITSM tools
D.Reducing the number of search heads

정답:

Splunk SPLK-5002 시험