Splunk Exam SPLK-5001 Topic 2 Question 17 Discussion

Actual exam question for Splunk's SPLK-5001 exam

Question #: 17
Topic #: 2

An analyst is investigating a network alert for suspected lateral movement from one Windows host to another Windows host. According to Splunk CIM documentation, the IP address of the host from which the attacker is moving would be in which field?

Ahost

Bdest

Csrc_nt_host

Dsrc_ip

Show Suggested Answer

Suggested Answer: D

by Casie at Jan 22, 2025, 02:34 AM

Limited Time Offer

25%

Off

Get Premium SPLK-5001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Donette

5 days ago

I believe it should be in the dest field.

upvoted 0 times

...

Gayla

7 days ago

I think the IP address of the host would be in the src_ip field.

upvoted 0 times

...