Splunk SPLK-5001 Exam - Topic 4 Question 18 Discussion

Actual exam question for Splunk's SPLK-5001 exam
Question #: 18
Topic #: 4

An analyst investigates an IDS alert and confirms suspicious traffic to a known malicious IP. Which Enterprise Security data model would they use to investigate which process initiated the network connection?

A) Endpoint
B) Authentication
C) Network traffic
D) Web

Suggested Answer: A

Contribute your Thoughts:

Eveline
3 months ago
Authentication? Not sure how that fits in this scenario.
upvoted 0 times
Marta
3 months ago
100% agree, Endpoint is the way to go!
upvoted 0 times
Winifred
3 months ago
Wait, can you really trace it back to a process? Sounds tricky.
upvoted 0 times
Mattie
4 months ago
I think Network traffic makes more sense here.
upvoted 0 times
Aliza
4 months ago
Definitely going with Endpoint for this one.
upvoted 0 times
Twana
4 months ago
I lean towards the Endpoint model too, but I wonder if the Web model might have some insights on the traffic patterns.
upvoted 0 times
Lindsey
4 months ago
I practiced a similar question, and I feel like the Authentication model could be relevant, but it seems more focused on user logins.
upvoted 0 times
Dick
4 months ago
I'm not entirely sure, but I remember something about the Network traffic model being useful for analyzing connections.
upvoted 0 times
Terrilyn
5 months ago
I think we might need the Endpoint data model since it should show which process made the connection, right?
upvoted 0 times
Vincenza
5 months ago
Hmm, this is a tricky one. I'm torn between Endpoint and Network traffic. I feel like the Endpoint data model would have the most detailed information about the process, but the Network traffic model might also provide relevant details. I'll have to think this through a bit more.
upvoted 0 times
Catarina
5 months ago
I'm pretty confident the answer is Endpoint. The question is focused on identifying the process that initiated the suspicious network activity, and the Endpoint data model would be the most relevant for that kind of investigation.
upvoted 0 times
Gwenn
5 months ago
Okay, let's see here. The question is asking about the data model used to investigate the process that initiated a network connection, and the options are Endpoint, Authentication, Network traffic, and Web. I think Endpoint is the best choice, as it would contain information about the specific process that made the connection.
upvoted 0 times
Amber
5 months ago
Hmm, I'm a bit unsure about this one. I'm trying to think through the different data models and which one would be most relevant for investigating the process behind a network connection. I'm leaning towards Endpoint, but I want to double-check my understanding before answering.
upvoted 0 times
Adela
5 months ago
This looks like a straightforward question about enterprise security data models. I think the answer is Endpoint, since the question is asking about the process that initiated the network connection, and the Endpoint data model would contain that information.
upvoted 0 times
Karina
9 months ago
Hey, I bet the answer is D) Web! You know, because the IDS alert was about 'suspicious traffic', and we all know the web is just one big suspicious place, am I right?
upvoted 0 times
Hector
8 months ago
D) Web
upvoted 0 times
Stevie
8 months ago
C) Network traffic
upvoted 0 times
Laurel
8 months ago
B) Authentication
upvoted 0 times
Norah
8 months ago
A) Endpoint
upvoted 0 times
Wayne
10 months ago
Ah, this one's a no-brainer. The answer is definitely C) Network traffic. I'd be shocked if it was anything else!
upvoted 0 times
Goldie
8 months ago
User 3: It's important to analyze network traffic data to identify the source of suspicious activity.
upvoted 0 times
Arthur
8 months ago
User 2: Yeah, that makes sense. Network traffic data would show which process initiated the connection.
upvoted 0 times
Lashon
9 months ago
User 1: I agree, the answer is definitely C) Network traffic.
upvoted 0 times
Carry
10 months ago
Aha, gotta be C) Network traffic! That's the obvious choice here. Maybe the exam writers are trying to trick us, but I'm sticking with my gut on this one.
upvoted 0 times
Emiko
8 months ago
I'm not sure, but I'll go with D) Web just to mix things up.
upvoted 0 times
Wilda
8 months ago
I'm going with C) Network traffic too; it seems like the most logical option.
upvoted 0 times
Shala
9 months ago
I think it's A) Endpoint; that's where I would start looking.
upvoted 0 times
An
9 months ago
User 3: I'm with An on this one, C) Network traffic seems like the right choice here.
upvoted 0 times
Millie
9 months ago
User 2: I disagree; I'm going with C) Network traffic. It just makes more sense to me.
upvoted 0 times
Hannah
9 months ago
User 1: I think it's A) Endpoint; that's where I would start looking.
upvoted 0 times
Delisa
10 months ago
Haha, this is a tricky one! I bet the answer is C) Network traffic. I mean, what else would you use to investigate a network-based IDS alert, right?
upvoted 0 times
Abel
10 months ago
Hmm, I think the answer here is C) Network traffic. That's where I'd expect to find information about the network connection that triggered the IDS alert.
upvoted 0 times
Audria
9 months ago
I think both C) Network traffic and A) Endpoint would be important for a thorough investigation.
upvoted 0 times
Vivienne
9 months ago
That's true, A) Endpoint could also help identify the process responsible for the network connection.
upvoted 0 times
Dyan
9 months ago
But wouldn't A) Endpoint also be useful to see which process initiated the connection?
upvoted 0 times
Margurite
10 months ago
I agree, C) Network traffic would provide details about the suspicious connection.
upvoted 0 times
Jesus
10 months ago
I'm not sure, but I think it could also be C) Network traffic, as it could provide information on the network connection.
upvoted 0 times
Sena
11 months ago
I agree with Viola, because the Endpoint data model would show which process initiated the connection.
upvoted 0 times
Viola
11 months ago
I think the answer is A) Endpoint.
upvoted 0 times