Splunk Updated SPLK-5001 Exam Questions and Answers by artie

Web Proxy Logsare the most direct and relevant data source for determining whether a user visited a malicious website. Proxy servers act as intermediaries for user HTTP/HTTPS requests and record detailed metadata about web traffic including URLs visited, timestamps, user IDs, and other HTTP headers.

Web Proxy Logsprovide explicit visibility into outbound web requests from users, which is essential for detecting visits to malicious domains or IPs.

Active Directory Logstrack authentication and directory service activities but do not record web browsing data.

Intrusion Detection Logsmonitor suspicious network or host behaviors but may not have precise records of web destinations.

Web Server Logslog incoming requests to a specific server but do not reflect user browsing outside that server.

Splunk’s security analyst documentation emphasizes leveraging proxy logs for user activity tracking and threat detection related to web-based threats.

Tacticsare the overarching objectives or strategies attackers use during their operations, whiletechniquesare the specific methods used to achieve these tactics. In this case,gathering information about a target(often referred to as Reconnaissance) is atacticbecause it represents a high-level objective of understanding the target. The other options provided (persistence, phishing, privilege escalation) are specifictechniquesused to achieve the broader goals or tactics.