ExamGecko
Question list
Search
Search

Question 68 - SPLK-3001 discussion

Report
Export

Following the Installation of ES, an admin configured Leers with the ©ss_uso r role the ability to close notable events. How would the admin restrict these users from being able to change the status of Resolved notable events to closed?

A.
From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.
Answers
A.
From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.
B.
From the Status Configuration windows select the closed status. Remove ess_use r from the status transitions for the Resolved status.
Answers
B.
From the Status Configuration windows select the closed status. Remove ess_use r from the status transitions for the Resolved status.
C.
In Enterprise Security, give the ess_user role the own Notable Events permission.
Answers
C.
In Enterprise Security, give the ess_user role the own Notable Events permission.
D.
From Splunk Access Controls, select the ess_user role and remove the edit_notabie_events capability.
Answers
D.
From Splunk Access Controls, select the ess_user role and remove the edit_notabie_events capability.
Suggested answer: B
asked 23/09/2024
Francisli Lilles
42 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first