Splunk SPLK-3001 Practice Test - Questions Answers, Page 3
List of questions
Related questions
Question 21

What does the Security Posture dashboard display?
Explanation:
Explanation:
The Security Posture dashboard is designed to provide high-level insight into the notable events across all domains of your deployment, suitable for display in a Security Operations Center (SOC).
This dashboard
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/SecurityPosturedashboard
Question 22

“10.22.63.159”, “websvr4”, and “00:26:08:18: CF:1D” would be matched against what in ES?
Question 23

How should an administrator add a new lookup through the ES app?
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Createlookups
Question 24

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/CreateGlassTable
Question 25

Which of the following is a key feature of a glass table?
Question 26

An administrator is asked to configure an “Nslookup” adaptive response action, so that it appears as a selectable option in the notable event’s action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?
Question 27

What are the steps to add a new column to the Notable Event table in the Incident Review dashboard?
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Customizenotables
Question 28

To observe what network services are in use in a network’s activity overall, which of the following dashboards in Enterprise Security will contain the most relevant data?
Explanation:
Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/User/NetworkProtectionDomaindashboards
Question 29

Adaptive response action history is stored in which index?
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/Indexes
Question 30

Which of the following actions would not reduce the number of false positives from a correlation search?
Question