Use this quick start guide to collect all the information about Splunk Cybersecurity Defense Analyst (SPLK-5001) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the SPLK-5001 Splunk Certified Cybersecurity Defense Analyst exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Splunk Cybersecurity Defense Analyst certification exam.
The Splunk Cybersecurity Defense Analyst certification is mainly targeted to those candidates who want to build their career in Enterprise Security domain. The Splunk Certified Cybersecurity Defense Analyst exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Splunk Cybersecurity Defense Analyst.
Splunk Cybersecurity Defense Analyst Exam Summary:
| Exam Name | Splunk Certified Cybersecurity Defense Analyst |
| Exam Code | SPLK-5001 |
| Exam Price | $130 (USD) |
| Duration | 75 mins |
| Number of Questions | 66 |
| Passing Score | 700 / 1000 |
| Schedule Exam | Pearson VUE |
| Sample Questions | Splunk Cybersecurity Defense Analyst Sample Questions |
| Practice Exam | Splunk SPLK-5001 Certification Practice Exam |
Splunk SPLK-5001 Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| The Cyber Landscape, Frameworks, and Standards |
- Summarize the organization of a typical SOC and the tasks belonging to Analyst, Engineer and Architect roles.
- Recognize common cyber industry controls, standards and frameworks and how Splunk incorporates those frameworks. - Describe key security concepts surrounding information assurance including confidentiality, integrity and availability and basic risk management. |
10% |
| Threat and Attack Types, Motivations, and Tactics |
- Recognize common types of attacks and attack vectors.
- Define common terms including supply chain attack, ransomware, registry, exfiltration, social engineering, DoS, DDoS, bot and botnet, C2, zero trust, account takeover, email compromise, threat actor, APT, adversary. - Identify the common tiers of Threat Intelligence and how they might be applied to threat analysis. - Outline the purpose and scope of annotations within Splunk Enterprise Security. - Define tactics, techniques and procedures and how they are regarded in the industry. |
20% |
| Defenses, Data Sources, and SIEM Best Practices |
- Identify common types of cyber defense systems, analysis tools and the most useful data sources for threat analysis.
- Describe SIEM best practices and basic operation concepts of Splunk Enterprise Security, including the interaction between CIM, Data Models and acceleration, Asset and Identity frameworks, and common CIM fields that may be used in investigations. - Describe how Splunk Security Essentials and Splunk Enterprise Security can be used to assess data sources, including common sourcetypes for on-prem and cloud based deployments and how to find content for a given sourcetype. |
20% |
| Investigation, Event Handling, Correlation, and Risk |
- Describe continuous monitoring and the five basic stages of investigation according to Splunk. - Explain the different types of analyst performance metrics such as MTTR and dwell time. - Demonstrate ability to recognize common event dispositions and correctly assign them. - Define terms and aspects of Splunk Enterprise Security and their uses including SPL, Notable Event, Risk Notable, Adaptive Response Action, Risk Object, Contributing Events.
- Identify common built-in dashboards in Enterprise Security and the basic information they contain.
- Understand and explain the essentials of Risk Based Alerting, the Risk framework and creating correlation searches within Enterprise Security. |
20% |
| SPL and Efficient Searching |
- Explain common SPL terms and how they can be used in security analysis, including TSTATS, TRANSACTION, FIRST/LAST, REX, EVAL, FOREACH, LOOKUP, and MAKERESULTS.
- Give examples of Splunk best practices for composing efficient searches. - Identify SPL resources included within ES, Splunk Security Essentials, and Splunk Lantern. |
20% |
| Threat Hunting and Remediation |
- Identify threat hunting techniques including configuration, modeling (anomalies), indicators, and behavioral analytics.
- Define long tail analysis, outlier detection, and some common steps of hypothesis hunting with Splunk. - Determine when to use adaptive response actions and configure them as needed. - Explain the use of SOAR playbooks and list the basic ways they can be triggered from Enterprise Security. |
10% |
To ensure success in Splunk Cybersecurity Defense Analyst certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Splunk Certified Cybersecurity Defense Analyst (SPLK-5001) exam.