Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Splunk Exam SPLK-5001 Topic 4 Question 18 Discussion

Actual exam question for Splunk's SPLK-5001 exam
Question #: 18
Topic #: 4
[All SPLK-5001 Questions]

An analyst investigates an IDS alert and confirms suspicious traffic to a known malicious IP. What Enterprise Security data model would they use to investigate which process initiated the network connection?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Timothy at Feb 09, 2025, 01:24 PM

Limited Time Offer

25%

Off

Get Premium SPLK-5001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Karina
2 months ago
Hey, I bet the answer is D) Web! You know, because the IDS alert was about 'suspicious traffic', and we all know the web is just one big suspicious place, am I right?
upvoted 0 times
Hector
11 days ago
D) Web
upvoted 0 times
...
Stevie
17 days ago
C) Network traffic
upvoted 0 times
...
Laurel
26 days ago
B) Authentication
upvoted 0 times
...
Norah
27 days ago
A) Endpoint
upvoted 0 times
...
...
Wayne
2 months ago
Ah, this one's a no-brainer. The answer is definitely C) Network traffic. I'd be shocked if it was anything else!
upvoted 0 times
Goldie
27 days ago
User 3: It's important to analyze network traffic data to identify the source of suspicious activity.
upvoted 0 times
...
Arthur
1 months ago
User 2: Yeah, that makes sense. Network traffic data would show which process initiated the connection.
upvoted 0 times
...
Lashon
1 months ago
User 1: I agree, the answer is definitely C) Network traffic.
upvoted 0 times
...
...
Carry
3 months ago
Aha, gotta be C) Network traffic! That's the obvious choice here. Maybe the exam writers are trying to trick us, but I'm sticking with my gut on this one.
upvoted 0 times
Emiko
1 months ago
I'm not sure, but I'll go with D) Web just to mix things up.
upvoted 0 times
...
Wilda
1 months ago
I'm going with C) Network traffic too, seems like the most logical option.
upvoted 0 times
...
Shala
1 months ago
I think it's A) Endpoint, that's where I would start looking.
upvoted 0 times
...
An
2 months ago
User 3: I'm with An on this one, C) Network traffic seems like the right choice here.
upvoted 0 times
...
Millie
2 months ago
User 2: I disagree, I'm going with C) Network traffic. It just makes more sense to me.
upvoted 0 times
...
Hannah
2 months ago
User 1: I think it's A) Endpoint, that's where I would start looking.
upvoted 0 times
...
...
Delisa
3 months ago
Haha, this is a tricky one! I bet the answer is C) Network traffic. I mean, what else would you use to investigate a network-based IDS alert, right?
upvoted 0 times
...
Abel
3 months ago
Hmm, I think the answer here is C) Network traffic. That's where I'd expect to find information about the network connection that triggered the IDS alert.
upvoted 0 times
Audria
2 months ago
I think both C) Network traffic and A) Endpoint would be important for a thorough investigation.
upvoted 0 times
...
Vivienne
2 months ago
That's true, A) Endpoint could also help identify the process responsible for the network connection.
upvoted 0 times
...
Dyan
2 months ago
But wouldn't A) Endpoint also be useful to see which process initiated the connection?
upvoted 0 times
...
Margurite
3 months ago
I agree, C) Network traffic would provide details about the suspicious connection.
upvoted 0 times
...
...
Jesus
3 months ago
I'm not sure, but I think it could also be C) Network traffic, as it could provide information on the network connection.
upvoted 0 times
...
Sena
3 months ago
I agree with Viola, because the Endpoint data model would show which process initiated the connection.
upvoted 0 times
...
Viola
3 months ago
I think the answer is A) Endpoint.
upvoted 0 times
...

Save Cancel