Splunk SPLK-3001 Practice Test - Questions Answers, Page 10


A set of correlation searches are enabled at a new ES installation, and results are being monitored.

One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives.

What is a solution for this issue?

A. Suppress notable events from that correlation search.
B. Disable acceleration for the correlation search to reduce storage requirements.
C. Modify the correlation schedule and sensitivity for your site.
D. Change the correlation search's default status and severity.

Suggested answer: A

Where is detailed information about identities stored?

A. The Identity Investigator index.
B. The Access Anomalies collection.
C. The User Activity index.
D. The Identity Lookup CSV file.

Suggested answer: C

Which two fields combine to create the Urgency of a notable event?

A. Priority and Severity.
B. Priority and Criticality.
C. Criticality and Severity.
D. Precedence and Time.

Suggested answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.4.1/User/Howurgencyisassigned

Which columns in the Assets lookup are used to identify an asset in an event?

A. src, dvc, dest
B. cidr, port, netbios, saml
C. ip, mac, dns, nt_host
D. host, hostname, url, address

Suggested answer: C

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Formatassetoridentitylist

What does the summariesonly=true option do for a correlation search?

A. Searches only accelerated data.
B. Forwards summary indexes to the indexing tier.
C. Uses a default summary time range.
D. Searches summary indexes only.

Suggested answer: A

Explanation:

Reference: https://community.splunk.com/t5/Splunk-Enterprise-Security/Why-do-correlationsearches-in-Enterprise-Security-not-use-quot/m-p/262622

What is the main purpose of the Dashboard Requirements Matrix document?

A. Identifies on which data model(s) each dashboard depends.
B. Provides instructions for customizing each dashboard for local data models.
C. Identifies the searches used by the dashboards.
D. Identifies which data model(s) depend on each dashboard.

Suggested answer: D

What are adaptive responses triggered by?

A. By correlation searches and users on the incident review dashboard.
B. By correlation searches and custom tech add-ons.
C. By correlation searches and users on the threat analysis dashboard.
D. By custom tech add-ons and users on the risk analysis dashboard.

Suggested answer: D

How does ES know local customer domain names so it can detect internal vs. external emails?

A. Web and email domain names are set in General -> General Configuration.
B. ES uses the User Activity index and applies machine learning to determine internal and external domains.
C. The Corporate Web and Email Domain Lookups are edited during initial configuration.
D. ES extracts local email and web domains automatically from SMTP and HTTP logs.

Suggested answer: C

After data is ingested, which data management step is essential to ensure raw data can be accelerated by a Data Model and used by ES?

A. Applying Tags.
B. Normalization to Customer Standard.
C. Normalization to the Splunk Common Information Model.
D. Extracting Fields.

Suggested answer: C
