ExamGecko

Splunk SPLK-3001 Practice Test - Questions Answers, Page 4

List of questions

Question 31


Where is the Add-On Builder available from?

A. GitHub
B. SplunkBase
C. www.splunk.com
D. The ES installation package
Suggested answer: B
Explanation:

Reference: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Installation


Question 32


Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?

A. A prefix of CIM_
B. A suffix of .spl
C. A prefix of TECH_
D. A prefix of Splunk_TA_
Suggested answer: D
Explanation:

Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/planintegrationes/


Question 33


ES apps and add-ons from $SPLUNK_HOME/etc/apps should be copied from the staging instance to what location on the cluster deployer instance?

A. $SPLUNK_HOME/etc/master-apps/
B. $SPLUNK_HOME/etc/system/local/
C. $SPLUNK_HOME/etc/shcluster/apps
D. $SPLUNK_HOME/var/run/searchpeers/
Suggested answer: C
Explanation:

The upgraded contents of the staging instance are migrated back to the deployer and then deployed to the search head cluster members:

1. On the staging instance, copy $SPLUNK_HOME/etc/apps to $SPLUNK_HOME/etc/shcluster/apps on the deployer.
2. On the deployer, remove any deprecated apps or add-ons in $SPLUNK_HOME/etc/shcluster/apps that were removed during the upgrade on staging. Confirm which ones by reviewing the ES upgrade report generated on staging, or by examining the apps moved into $SPLUNK_HOME/etc/disabled-apps on staging.


Question 34


How is notable event urgency calculated?

A. Asset priority and threat weight.
B. Alert severity found by the correlation search.
C. Asset or identity risk and severity found by the correlation search.
D. Severity set by the correlation search and priority assigned to the associated asset or identity.
Suggested answer: D
Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned


Question 35


What kind of value is in the red box in this picture?

[Image: Question 35 screenshot with the value in question highlighted by a red box]

A. A risk score.
B. A source ranking.
C. An event priority.
D. An IP address rating.
Suggested answer: A
Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/FormateventsforHTTPEventCollector


Question 36


Where is it possible to export content, such as correlation searches, from ES?

A. Content exporter
B. Configure -> Content Management
C. Export content dashboard
D. Settings Menu -> ES -> Export
Suggested answer: B
Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Export


Question 37


Which of the following threat intelligence types can ES download? (Choose all that apply)

A. Text
B. STIX/TAXII
C. VulnScanSPL
D. SplunkEnterpriseThreatGenerator
Suggested answer: A, B
Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Downloadthreatfeed


Question 38


A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance. What is the best practice for installing ES?

A. Install ES on the existing search head.
B. Add a new search head and install ES on it.
C. Increase the number of CPUs and amount of memory on the search head, then install ES.
D. Delete the non-CIM-compliant apps from the search head, then install ES.
Suggested answer: B
Explanation:

Reference: https://www.splunk.com/pdfs/technical-briefs/splunk-validated-architectures.pdf


Question 39


Enterprise Security’s dashboards primarily pull data from what type of knowledge object?


Question 40


To which of the following should the ES application be uploaded?
