Splunk SPLK-3001 Practice Test – Member Shared Questions, Page 7

Question 61

Which of the following is a Web Intelligence dashboard?

A.

Network Center

B.

Endpoint Center

C.

HTTP Category Analysis

D.

stream :http Protocol dashboard

Show Answer Comment (0)

Question 62

Which of the following is an adaptive action that is configured by default for ES?

A.

Create notable event

B.

Create new correlation search

C.

Create investigation

D.

Create new asset

Show Answer Comment (0)

Question 63

Which of the following are the default ports that must be configured for Splunk Enterprise Security to function?

A.

SplunkWeb (8068), Splunk Management (8089), KV Store (8000)

B.

SplunkWeb (8390), Splunk Management (8323), KV Store (8672)

C.

SplunkWeb (8000), Splunk Management (8089), KV Store (8191)

D.

SplunkWeb (8043), Splunk Management (8088), KV Store (8191)

Show Answer Comment (0)

Question 64

Which tool Is used to update indexers In E5?

A.

Index Updater

B.

Distributed Configuration Management

C.

indexes.conf

D.

Splunk_TA_ForIndexeres. spl

Show Answer Comment (0)

Question 65

Which of the following actions may be necessary before installing ES?

A.

Redirect distributed search connections.

B.

Purge KV Store.

C.

Add additional indexers.

D.

Add additional forwarders.

Show Answer Comment (0)

Question 66

When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?

A.

indexes.conf, props.conf, transforms.conf

B.

web.conf, props.conf, transforms.conf

C.

inputs.conf, props.conf, transforms.conf

D.

eventtypes.conf, indexes.conf, tags.conf

Show Answer Comment (0)

Question 67

Which of these Is a benefit of data normalization?

A.

Reports run faster because normalized data models can be optimized for better performance.

B.

Dashboards take longer to build.

C.

Searches can be built no matter the specific source technology for a normalized data type.

D.

Forwarder-based inputs are more efficient.

Show Answer Comment (0)

Question 68

Following the Installation of ES, an admin configured Leers with the ©ss_uso r role the ability to close notable events. How would the admin restrict these users from being able to change the status of Resolved notable events to closed?

A.

From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.

B.

From the Status Configuration windows select the closed status. Remove ess_use r from the status transitions for the Resolved status.

C.

In Enterprise Security, give the ess_user role the own Notable Events permission.

D.

From Splunk Access Controls, select the ess_user role and remove the edit_notabie_events capability.

Show Answer Comment (0)

Question 69

What is the bar across the bottom of any ES window?

A.

The Investigator Workbench.

B.

The Investigation Bar.

C.

The Analyst Bar.

D.

The Compliance Bar.

Show Answer Comment (0)

Question 70

Which lookup table does the Default Account Activity Detected correlation search use to flag known default accounts?

A.

Administrative Identities

B.

Local User Intel

C.

Identities

D.

Privileged Accounts

Show Answer Comment (0)

Splunk SPLK-3001 Practice Test - Questions Answers, Page 7

List of questions

Question 61

Question 62

Question 63

Question 64

Question 65

Question 66

Question 67

Question 68

Question 69

Question 70

Related questions

Splunk SPLK-3001 Practice Test - Questions Answers, Page 7

List of questions

Question 61

Question 62

Question 63

Question 64

Question 65

Question 66

Question 67

Question 68

Question 69

Question 70

Question

Case Study

Related questions

Export

Practice Tests