Splunk SPLK-3001 Practice Test - Questions Answers, Page 2

Which setting is used in indexes.conf to specify alternate locations for accelerated storage?

A. thawedPath
B. tstatsHomePath
C. summaryHomePath
D. warmToColdScript

Suggested answer: B

Explanation: tstatsHomePath is the per-index location of the data model acceleration summaries (the TSIDX files that | tstats reads). summaryHomePath holds report acceleration summaries, thawedPath holds buckets restored from archive, and warmToColdScript is a hook that runs when a bucket rolls from warm to cold.

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Acceleratedatamodels
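An indexes.conf fragment, added here as a worked example (it is not from this page or from Splunk's documentation), showing tstatsHomePath pointed at a separate volume while summaryHomePath stays on the bucket disk. The volume name ssd_summaries, the path /mnt/ssd/splunk_summaries and the index name es_auth are assumptions for illustration.

```ini
# Added example, not page content: indexes.conf on each indexer.
# ssd_summaries, /mnt/ssd/splunk_summaries and es_auth are assumed names.

# A volume definition. tstatsHomePath has to be written as a volume path.
[volume:ssd_summaries]
path = /mnt/ssd/splunk_summaries
maxVolumeDataSizeMB = 500000

# Global override: every index keeps its data model acceleration summaries
# on the SSD volume. $_index_name expands to each index stanza's name.
[default]
tstatsHomePath = volume:ssd_summaries/$_index_name/datamodel_summary

# A per-index setting wins over [default]. summaryHomePath is report
# acceleration, a different feature, and stays next to the buckets.
[es_auth]
homePath        = $SPLUNK_DB/es_auth/db
coldPath        = $SPLUNK_DB/es_auth/colddb
thawedPath      = $SPLUNK_DB/es_auth/thaweddb
summaryHomePath = $SPLUNK_DB/es_auth/summary
tstatsHomePath  = volume:ssd_summaries/es_auth/datamodel_summary
```

A change to tstatsHomePath takes effect only after splunkd restarts; an index reload is not enough. In an indexer cluster, push the change through the manager node's configuration bundle so every peer uses the same path, and expect the accelerated data models to rebuild, because summaries already built under the old path are not moved.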

Which of the following is a way to test for a properly normalized data model?

A. Use Audit -> Normalization Audit and check the Errors panel.
B. Run a | datamodel search, compare results to the CIM documentation for the datamodel.
C. Run a | loadjob search, look at tag values and compare them to known tags based on the encoding.
D. Run a | datamodel search and compare the results to the list of data models in the ES normalization guide.

Suggested answer: B

Explanation: | datamodel <model> <object> search returns events with the field names and values exactly as the data model sees them. Comparing those fields (for example the values of Authentication.action, or whether user, src and dest are populated) with the field table in the CIM documentation shows whether a source is normalized correctly.

Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonormalizedataatsearchtime

Which argument to the | tstats command restricts the search to summarized data only?

A. summaries=t
B. summaries=all
C. summariesonly=t
D. summariesonly=all

Suggested answer: C

Explanation: summariesonly=t (true) makes tstats read only the data model acceleration summaries. With the default of summariesonly=false, tstats also searches the raw events for any time range or source that has no summary yet, which is slower but complete. ES correlation searches use summariesonly=t for speed, so data that is not summarized (very recent events, or sourcetypes outside the acceleration whitelist) is invisible to them.

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Acceleratedatamodels
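Three searches covering the previous two questions, added here as an example and not taken from this page or from Splunk's documentation. The sourcetype acme:sso, the failure threshold of 20 and the list of permitted action values are assumptions; check the action values against the field table of the CIM version in use. The first search pulls events through the Authentication data model so the normalized fields can be compared with the CIM field table; the second runs the same count with summariesonly=t and with the default and reports the gap, which is the data the summaries do not yet cover; the third is the summaries-only form a correlation search would use.

```spl
| datamodel Authentication Authentication search
| search sourcetype="acme:sso"
| fillnull value="MISSING" Authentication.action Authentication.user Authentication.src Authentication.dest
| eval action_ok=if(match('Authentication.action', "^(success|failure)$"), "CIM value", "non-CIM: ".'Authentication.action')
| stats count dc(Authentication.user) AS users count(eval('Authentication.src'="MISSING")) AS missing_src count(eval('Authentication.dest'="MISSING")) AS missing_dest BY sourcetype action_ok

| tstats summariesonly=t count AS summarized FROM datamodel=Authentication WHERE Authentication.action=failure BY _time span=1h
| append [| tstats summariesonly=f count AS total FROM datamodel=Authentication WHERE Authentication.action=failure BY _time span=1h]
| stats sum(summarized) AS summarized sum(total) AS total BY _time
| eval not_yet_summarized=total-summarized

| tstats summariesonly=t count AS failures FROM datamodel=Authentication WHERE Authentication.action=failure BY Authentication.src Authentication.user
| where failures > 20
```

Run each search on its own. In the first, every row whose action_ok is not "CIM value" or whose missing_src or missing_dest count is non-zero points at a field extraction or alias still to be fixed for that sourcetype. In the second, a large not_yet_summarized value in the most recent buckets is normal (acceleration lags by the summary build interval); a persistent gap across older buckets means some of the data feeding the model is not being accelerated, and a summaries-only correlation search like the third one will never see it.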

When investigating, what is the best way to store a newly-found IOC?

A. Paste it into Notepad.
B. Click the “Add IOC” button.
C. Click the “Add Artifact” button.
D. Add it in a text note to the investigation.

Suggested answer: C

Explanation: Artifacts are the investigation's structured list of indicators (IP addresses, file hashes, users and similar); a text note is unstructured and cannot be worked with the same way.

How is it possible to navigate to the list of currently-enabled ES correlation searches?

A. Configure -> Correlation Searches -> Select Status “Enabled”
B. Settings -> Searches, Reports, and Alerts -> Filter by Name of “Correlation”
C. Configure -> Content Management -> Select Type “Correlation” and Status “Enabled”
D. Settings -> Searches, Reports, and Alerts -> Select App of “SplunkEnterpriseSecuritySuite” and filter by “- Rule”

Suggested answer: C

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Listcorrelationsearches

Which of the following is a risk of using the Auto Deployment feature of Distributed Configuration Management to distribute indexes.conf?

A. Indexes might crash.
B. Indexes might be processing.
C. Indexes might not be reachable.
D. Indexes have different settings.

Suggested answer: A

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Admin/Indexesconf

Which of the following are data models used by ES? (Choose all that apply)

A. Web
B. Anomalies
C. Authentication
D. Network Traffic

Suggested answer: A, C, D

Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/datamodelsusedbyes/

At what point in the ES installation process should Splunk_TA_ForIndexers.spl be deployed to the indexers?

A. When adding apps to the deployment server.
B. Splunk_TA_ForIndexers.spl is installed first.
C. After installing ES on the search head(s) and running the distributed configuration management tool.
D. Splunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the splunk apply cluster-bundle command.

Suggested answer: C

Explanation: The Distributed Configuration Management tool on the ES search head builds Splunk_TA_ForIndexers from the add-ons installed there, bundling indexes.conf and the index-time settings ES needs. It therefore cannot exist before ES is installed on the search head. Once generated, it is deployed to the indexers through the cluster master (manager node) for an indexer cluster, or through the deployment server otherwise; D is wrong only because it makes the cluster path the sole option.

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallTechnologyAdd-ons

Which correlation search feature is used to throttle the creation of notable events?

A. Schedule priority.
B. Window interval.
C. Window duration.
D. Schedule windows.

Suggested answer: C

Explanation: Throttling on a correlation search is defined by a window duration and the fields to group by: within the window, only one notable event (and one run of the search's response actions) is created per distinct combination of the grouped fields. Schedule priority and the schedule window affect when the scheduler runs the search, not how many notables it produces.

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches
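A correlation search as ES stores it in savedsearches.conf, added here as an example that is not from this page or from ES itself, to show where the throttling settings of the previous question land on disk. The stanza name, search, threshold, cron schedule and rule title are assumptions for illustration; the setting names are standard Splunk alerting and ES settings.

```ini
# Added example, not page content. Stanza name, search and values are assumed.
[Acme - Brute Force by Source - Rule]
action.correlationsearch.enabled = 1
action.correlationsearch.label = Brute Force by Source
enableSched = 1
cron_schedule = */5 * * * *
# "Schedule window" (option D above) only lets the scheduler delay the run.
schedule_window = auto
dispatch.earliest_time = -65m@m
dispatch.latest_time = -5m@m
search = | tstats summariesonly=t count AS failures FROM datamodel=Authentication WHERE Authentication.action=failure BY Authentication.src Authentication.user | where failures > 20
counttype = number of events
relation = greater than
quantity = 0

# Throttling: window duration and fields to group by (option C above).
# One notable per distinct src/user pair per 24 hours.
alert.suppress = 1
alert.suppress.period = 86400s
alert.suppress.fields = Authentication.src,Authentication.user

# Notable event adaptive response action, run automatically on each match.
action.notable = 1
action.notable.param.rule_title = Brute force from $Authentication.src$ against $Authentication.user$
action.notable.param.severity = high
```

Two things worth checking when tuning this: the group-by fields must be output by the search (here they come from the tstats BY clause), otherwise every result collapses into one suppression key and a single notable per window; and, following Splunk alert suppression semantics, the throttle holds back every response action of the search for the suppressed results, not only the notable.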

Both “Recommended Actions” and “Adaptive Response Actions” use adaptive response. How do they differ?

A. Recommended Actions show a textual description to an analyst, Adaptive Response Actions show them encoded.
B. Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run them automatically.
C. Recommended Actions show a list of Adaptive Responses that have already been run, Adaptive Response Actions run them automatically.
D. Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run manually with analyst intervention.

Suggested answer: B

Explanation: Adaptive response actions configured on a correlation search run automatically every time the search produces results. Recommended actions are the list of adaptive response actions the correlation search suggests on the notable event; an analyst sees them in Incident Review and runs them ad hoc. D has the two reversed.

Reference: https://docs.splunk.com/Documentation/ES/latest/Admin/Configureadaptiveresponse

Total 99 questions