Question 1

Which of the following are common sources of threat intelligence?

Options :

A : Open-source intelligence (OSINT)

B : Social media platforms

C : Security vendor reports

D : Security research papers

E : Security incident logs

F : Dark web forums

Answer: A,C,E,F

Question 2

What are common types of cyber defense systems used for threat analysis?

Options :

A : Intrusion Detection Systems (IDS)

B : Antivirus software

C : Security Information and Event Management (SIEM)

D : Endpoint Detection and Response (EDR)

Answer: A,C,D

Question 3

What is the purpose of hypothesis hunting with Splunk?

Options :

A : To generate random search queries

B :

To formulate and test theories about potential security threats

C : To validate network configurations

D : To automate security incident response

Answer: B

Question 4

What is the difference between a "Notable Event" and a "Risk Notable" in Splunk Enterprise Security?

Options :

A : They serve different purposes within the Splunk platform but are not related to security incidents.

B : A Notable Event indicates a significant security event that requires investigation, while a Risk Notable signifies an event with elevated risk based on threat intelligence or risk scoring.

C : A Notable Event signifies an event with elevated risk based on threat intelligence or risk scoring, while a Risk Notable indicates a significant security event that requires investigation.

D : They are synonymous terms used interchangeably in Splunk Enterprise Security.

Answer: B

Question 5

What is the purpose of the CIM (Common Information Model) in Splunk?

Options :

A : To automate security incident response

B : To encrypt sensitive information in logs

C : To provide a standard framework for organizing and normalizing data

D : To generate visualizations for data analysis

Answer: C