Splunk SPLK-3001 Practice Test - Questions Answers, Page 3

Question 21

What does the Security Posture dashboard display?

A. Active investigations and their status.
B. A high-level overview of notable events.
C. Current threats being tracked by the SOC.
D. A display of the status of security tools.
Suggested answer: B

Explanation:

The Security Posture dashboard is designed to provide high-level insight into the notable events across all domains of your deployment, suitable for display in a Security Operations Center (SOC).

This dashboard

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/SecurityPosturedashboard

asked 23/09/2024
Cheikh Ndiaye
34 questions

Question 22

“10.22.63.159”, “websvr4”, and “00:26:08:18:CF:1D” would be matched against what in ES?

A. A user.
B. A device.
C. An asset.
D. An identity.
Suggested answer: B
asked 23/09/2024
Tresor Garcia
40 questions

Question 23

How should an administrator add a new lookup through the ES app?

A. Upload the lookup file in Settings -> Lookups -> Lookup Definitions
B. Upload the lookup file in Settings -> Lookups -> Lookup table files
C. Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups
D. Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup
Suggested answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Createlookups

asked 23/09/2024
Matt Harrold
44 questions

Question 24

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

A. Lookup searches.
B. Summarized data.
C. Security metrics.
D. Metrics store searches.
Suggested answer: C

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/CreateGlassTable

asked 23/09/2024
Edward Morgan
38 questions

Question 25

Which of the following is a key feature of a glass table?

A. Rigidity.
B. Customization.
C. Interactive investigations.
D. Strong data for later retrieval.
Suggested answer: B
asked 23/09/2024
Tuan Nguyen
41 questions

Question 26

An administrator is asked to configure an “Nslookup” adaptive response action, so that it appears as a selectable option in the notable event’s action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?

A. Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup
B. Configure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
C. Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup
D. Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
Suggested answer: D
asked 23/09/2024
PANAGIOTIS SYKAS
39 questions

Question 27

What are the steps to add a new column to the Notable Event table in the Incident Review dashboard?

A. Configure -> Incident Management -> Notable Event Statuses
B. Configure -> Content Management -> Type: Correlation Search
C. Configure -> Incident Management -> Incident Review Settings -> Event Management
D. Configure -> Incident Management -> Incident Review Settings -> Table Attributes
Suggested answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Customizenotables

asked 23/09/2024
Saeed Awwad
46 questions

Question 28

To observe what network services are in use in a network’s activity overall, which of the following dashboards in Enterprise Security will contain the most relevant data?

A. Intrusion Center
B. Protocol Analysis
C. User Intelligence
D. Threat Intelligence
Suggested answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/NetworkProtectionDomaindashboards

asked 23/09/2024
Elias Lopez III
44 questions

Question 29

Adaptive response action history is stored in which index?

A. cim_modactions
B. modular_history
C. cim_adaptiveactions
D. modular_action_history
Suggested answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/Indexes

asked 23/09/2024
Victor vila
37 questions

Question 30

Which of the following actions would not reduce the number of false positives from a correlation search?

A. Reducing the severity.
B. Removing throttling fields.
C. Increasing the throttling window.
D. Increasing threshold sensitivity.
Suggested answer: A
asked 23/09/2024
Naveen Kotipalli
39 questions
Total 99 questions