ExamGecko
Search Search Login
Home Home / Splunk / SPLK-3001

Splunk SPLK-3001 Practice Test - Questions Answers, Page 3

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Where are attachments to investigations stored?
Where should an ES search head be installed?
Where is the Add-On Builder available from?
Which data model populated the panels on the Risk Analysis dashboard?
Where is it possible to export content, such as correlation searches, from ES?
What feature of Enterprise Security downloads threat intelligence data from a web server?
After data is ingested, which data management step is essential to ensure raw data can be accelerated by a Data Model and used by ES?
When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?
When ES content is exported, an app with a .spl extension is automatically created. What is the best practice when exporting and importing updates to ES content?
Which settings indicated that the correlation search will be executed as new events are indexed?

Question 21

Report
Export
Collapse

What does the Security Posture dashboard display?

A.
Active investigations and their status.
A.
Active investigations and their status.
Answers
B.
A high-level overview of notable events.
B.
A high-level overview of notable events.
Answers
C.
Current threats being tracked by the SOC.
C.
Current threats being tracked by the SOC.
Answers
D.
A display of the status of security tools.
D.
A display of the status of security tools.
Answers
Suggested answer: B

Explanation:

Explanation:

The Security Posture dashboard is designed to provide high-level insight into the notable events across all domains of your deployment, suitable for display in a Security Operations Center (SOC).

This dashboard

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/SecurityPosturedashboard

Question 22

Report
Export
Collapse

“10.22.63.159”, “websvr4”, and “00:26:08:18: CF:1D” would be matched against what in ES?

A.
A user.
A.
A user.
Answers
B.
A device.
B.
A device.
Answers
C.
An asset.
C.
An asset.
Answers
D.
An identity.
D.
An identity.
Answers
Suggested answer: B

Question 23

Report
Export
Collapse

How should an administrator add a new lookup through the ES app?

A.
Upload the lookup file in Settings -> Lookups -> Lookup Definitions
A.
Upload the lookup file in Settings -> Lookups -> Lookup Definitions
Answers
B.
Upload the lookup file in Settings -> Lookups -> Lookup table files
B.
Upload the lookup file in Settings -> Lookups -> Lookup table files
Answers
C.
Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups
C.
Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups
Answers
D.
Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup
D.
Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup
Answers
Suggested answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Createlookups

Question 24

Report
Export
Collapse

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

A.
Lookup searches.
A.
Lookup searches.
Answers
B.
Summarized data.
B.
Summarized data.
Answers
C.
Security metrics.
C.
Security metrics.
Answers
D.
Metrics store searches.
D.
Metrics store searches.
Answers
Suggested answer: C

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/CreateGlassTable

Question 25

Report
Export
Collapse

Which of the following is a key feature of a glass table?

A.
Rigidity.
A.
Rigidity.
Answers
B.
Customization.
B.
Customization.
Answers
C.
Interactive investigations.
C.
Interactive investigations.
Answers
D.
Strong data for later retrieval.
D.
Strong data for later retrieval.
Answers
Suggested answer: B

Question 26

Report
Export
Collapse

An administrator is asked to configure an “Nslookup” adaptive response action, so that it appears as a selectable option in the notable event’s action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?

A.
Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup
A.
Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup
Answers
B.
Configure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
B.
Configure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
Answers
C.
Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup
C.
Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup
Answers
D.
Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
D.
Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
Answers
Suggested answer: D

Question 27

Report
Export
Collapse

What are the steps to add a new column to the Notable Event table in the Incident Review dashboard?

A.
Configure -> Incident Management -> Notable Event Statuses
A.
Configure -> Incident Management -> Notable Event Statuses
Answers
B.
Configure -> Content Management -> Type: Correlation Search
B.
Configure -> Content Management -> Type: Correlation Search
Answers
C.
Configure -> Incident Management -> Incident Review Settings -> Event Management
C.
Configure -> Incident Management -> Incident Review Settings -> Event Management
Answers
D.
Configure -> Incident Management -> Incident Review Settings -> Table Attributes
D.
Configure -> Incident Management -> Incident Review Settings -> Table Attributes
Answers
Suggested answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Customizenotables

Question 28

Report
Export
Collapse

To observe what network services are in use in a network’s activity overall, which of the following dashboards in Enterprise Security will contain the most relevant data?

A.
Intrusion Center
A.
Intrusion Center
Answers
B.
Protocol Analysis
B.
Protocol Analysis
Answers
C.
User Intelligence
C.
User Intelligence
Answers
D.
Threat Intelligence
D.
Threat Intelligence
Answers
Suggested answer: B

Explanation:

Reference:

https://docs.splunk.com/Documentation/ES/6.1.0/User/NetworkProtectionDomaindashboards

Question 29

Report
Export
Collapse

Adaptive response action history is stored in which index?

A.
cim_modactions
A.
cim_modactions
Answers
B.
modular_history
B.
modular_history
Answers
C.
cim_adaptiveactions
C.
cim_adaptiveactions
Answers
D.
modular_action_history
D.
modular_action_history
Answers
Suggested answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/Indexes

Question 30

Report
Export
Collapse

Which of the following actions would not reduce the number of false positives from a correlation search?

A.
Reducing the severity.
A.
Reducing the severity.
Answers
B.
Removing throttling fields.
B.
Removing throttling fields.
Answers
C.
Increasing the throttling window.
C.
Increasing the throttling window.
Answers
D.
Increasing threshold sensitivity.
D.
Increasing threshold sensitivity.
Answers
Suggested answer: A
Total 99 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms