Splunk SPLK-3001 Practice Test - Questions Answers, Page 4


Where is the Add-On Builder available from?

A. GitHub
B. SplunkBase
C. www.splunk.com
D. The ES installation package
Suggested answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Installation

Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?

A. A prefix of CIM_
B. A suffix of .spl
C. A prefix of TECH_
D. A prefix of Splunk_TA_
Suggested answer: D

Explanation:

Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/planintegrationes/

ES apps and add-ons from $SPLUNK_HOME/etc/apps should be copied from the staging instance to what location on the cluster deployer instance?

A. $SPLUNK_HOME/etc/master-apps/
B. $SPLUNK_HOME/etc/system/local/
C. $SPLUNK_HOME/etc/shcluster/apps
D. $SPLUNK_HOME/var/run/searchpeers/
Suggested answer: C

Explanation:

The upgraded contents of the staging instance will be migrated back to the deployer and deployed to the search head cluster members. On the staging instance, copy $SPLUNK_HOME/etc/apps to $SPLUNK_HOME/etc/shcluster/apps on the deployer. On the deployer, remove any deprecated apps or add-ons in $SPLUNK_HOME/etc/shcluster/apps that were removed during the upgrade on staging. Confirm by reviewing the ES upgrade report generated on staging, or by examining the apps moved into $SPLUNK_HOME/etc/disabled-apps on staging.

How is notable event urgency calculated?

A. Asset priority and threat weight.
B. Alert severity found by the correlation search.
C. Asset or identity risk and severity found by the correlation search.
D. Severity set by the correlation search and priority assigned to the associated asset or identity.
Suggested answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned

What kind of value is in the red box in this picture?

A. A risk score.
B. A source ranking.
C. An event priority.
D. An IP address rating.
Suggested answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/FormateventsforHTTPEventCollector

Where is it possible to export content, such as correlation searches, from ES?

A. Content exporter
B. Configure -> Content Management
C. Export content dashboard
D. Settings Menu -> ES -> Export
Suggested answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Export

Which of the following threat intelligence types can ES download? (Choose all that apply)

A. Text
B. STIX/TAXII
C. VulnScanSPL
D. SplunkEnterpriseThreatGenerator
Suggested answer: A, B

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Downloadthreatfeed

A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance. What is the best practice for installing ES?

A. Install ES on the existing search head.
B. Add a new search head and install ES on it.
C. Increase the number of CPUs and amount of memory on the search head, then install ES.
D. Delete the non-CIM-compliant apps from the search head, then install ES.
Suggested answer: B

Explanation:

Reference: https://www.splunk.com/pdfs/technical-briefs/splunk-validated-architectures.pdf

Enterprise Security’s dashboards primarily pull data from what type of knowledge object?

A. Tstats
B. KV Store
C. Data models
D. Dynamic lookups
Suggested answer: C

Explanation:

Reference: https://docs.splunk.com/Splexicon:Knowledgeobject

To which of the following should the ES application be uploaded?

A. The indexer.
B. The KV Store.
C. The search head.
D. The dedicated forwarder.
Suggested answer: C

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallEnterpriseSecuritySHC
