Splunk Exam SPLK-5001 Topic 4 Question 18 Discussion

Actual exam question for Splunk's SPLK-5001 exam
Question #: 18
Topic #: 4

An analyst investigates an IDS alert and confirms suspicious traffic to a known malicious IP. What Enterprise Security data model would they use to investigate which process initiated the network connection?

Suggested Answer: A

Contribute your Thoughts:

Abel
2 days ago
Hmm, I think the answer here is C) Network traffic. That's where I'd expect to find information about the network connection that triggered the IDS alert.
upvoted 0 times
Jesus
13 days ago
I'm not sure, but I think it could also be C) Network traffic, as it could provide information on the network connection.
upvoted 0 times
Sena
18 days ago
I agree with Viola, because the Endpoint data model would show which process initiated the connection.
upvoted 0 times
Viola
19 days ago
I think the answer is A) Endpoint.
upvoted 0 times
