Splunk Exam SPLK-5002 Topic 5 Question 3 Discussion

Actual exam question for Splunk's SPLK-5002 exam

Question #: 3
Topic #: 5

[All SPLK-5002 Questions]

Which Splunk feature helps in tracking and documenting threat trends over time?

AEvent sampling

BRisk-based dashboards

CSummary indexing

DData model acceleration

Show Suggested Answer

Suggested Answer: B

Why Use Risk-Based Dashboards for Tracking Threat Trends?

Risk-based dashboards in Splunk Enterprise Security (ES) provide a structured way to track threats over time.

How Risk-Based Dashboards Help: Aggregate security events into risk scores Helps prioritize high-risk activities. Show historical trends of threat activity. Correlate multiple risk factors across different security events.

Example in Splunk ES: Scenario: A SOC team tracks insider threat activity over 6 months. The Risk-Based Dashboard shows:

Users with rising risk scores over time.

Patterns of malicious behavior (e.g., repeated failed logins + data exfiltration).

Correlation between different security alerts (e.g., phishing clicks malware execution).

Why Not the Other Options?

A. Event sampling -- Helps with performance optimization, not threat trend tracking. C. Summary indexing -- Stores precomputed data but is not designed for tracking risk trends. D. Data model acceleration -- Improves search speed, but doesn't track security trends.

Reference & Learning Resources

Splunk ES Risk-Based Alerting Guide: https://docs.splunk.com/Documentation/ES Tracking Security Trends Using Risk-Based Dashboards: https://splunkbase.splunk.com How to Build Risk-Based Analytics in Splunk: https://www.splunk.com/en_us/blog/security

by Jeniffer at Mar 23, 2025, 10:43 AM

Limited Time Offer

25%

13 days ago

Event sampling? That's like trying to catch a thief by sampling the cookies in the jar. Clearly, the answer is C - summary indexing!

upvoted 0 times

...