Splunk SPLK-3001 Practice Test - Questions Answers, Page 6

Question 51


When ES content is exported, an app with a .spl extension is automatically created. What is the best practice when exporting and importing updates to ES content?

A. Use new app names each time content is exported.
B. Do not use the .spl extension when naming an export.
C. Always include existing and new content for each export.
D. Either use new app names or always include both existing and new content.
Suggested answer: D

Explanation:

Either use new app names each time (which could be difficult to manage) or make sure you always include all content (old and new) each time you export.

asked 23/09/2024
Jacek Kaleta
55 questions

Question 52


Who can delete an investigation?

A. ess_admin users only.
B. The investigation owner only.
C. The investigation owner and ess_admin.
D. The investigation owner and collaborators.
Suggested answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Manageinvestigations


Question 53


After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?

A. Splunk_DS_ForIndexers.spl
B. Splunk_ES_ForIndexers.spl
C. Splunk_SA_ForIndexers.spl
D. Splunk_TA_ForIndexers.spl
Suggested answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallTechnologyAdd-ons


Question 54


The Brute Force Access Behavior Detected correlation search is enabled and is generating many false positives. Assuming the input data has already been validated, how can the correlation search be made less sensitive?

A. Edit the search and modify the notable event status field to make the notable events less urgent.
B. Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a less common match.
C. Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a more common match.
D. Modify the urgency table for this correlation search and add a new severity level to make notable events from this search less urgent.
Suggested answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned


Question 55


Which of the following actions can improve overall search performance?

A. Disable indexed real-time search.
B. Increase priority of all correlation searches.
C. Reduce the frequency (schedule) of lower-priority correlation searches.
D. Add notable event suppressions for correlation searches with high numbers of false positives.
Suggested answer: A

Question 56


Which of the following ES features would a security analyst use while investigating a network anomaly notable?

A. Correlation editor.
B. Key indicator search.
C. Threat download dashboard.
D. Protocol intelligence dashboard.
Suggested answer: D

Explanation:

Reference: https://www.splunk.com/en_us/products/premium-solutions/splunk-enterprisesecurity/features.html


Question 57


Which component normalizes events?

A. SA-CIM.
B. SA-Notable.
C. ES application.
D. Technology add-on.
Suggested answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonormalizedataatsearchtime


Question 58


An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?

A. Index consistency.
B. Data integrity control.
C. Indexer acknowledgement.
D. Index access permissions.
Suggested answer: B

Explanation:

Reference: https://answers.splunk.com/answers/790783/anti-tampering-features-to-protect-splunklogs-the.html


Question 59


What is the first step when preparing to install ES?

A. Install ES.
B. Determine the data sources used.
C. Determine the hardware required.
D. Determine the size and scope of installation.
Suggested answer: D

Question 60


What is the default schedule for accelerating ES data models?

A. 1 minute
B. 5 minutes
C. 15 minutes
D. 1 hour
Suggested answer: B