Splunk Exam SPLK-5001 Topic 4 Question 18 Discussion

Actual exam question for Splunk's SPLK-5001 exam
Question #: 18
Topic #: 4

An analyst investigates an IDS alert and confirms suspicious traffic to a known malicious IP. What Enterprise Security data model would they use to investigate which process initiated the network connection?

Suggested Answer: A

Contribute your Thoughts:

Jesus
4 days ago
I'm not sure, but I think it could also be C) Network traffic, as it could provide information on the network connection.
upvoted 0 times
...
Sena
9 days ago
I agree with Viola, because the Endpoint data model would show which process initiated the connection.
upvoted 0 times
...
Viola
10 days ago
I think the answer is A) Endpoint.
upvoted 0 times
...
