ExamGecko
Search Search Login
Home Home / Splunk / SPLK-3001

Splunk SPLK-3001 Practice Test - Questions Answers, Page 7

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Where are attachments to investigations stored?
Where should an ES search head be installed?
Which data model populated the panels on the Risk Analysis dashboard?
Where is the Add-On Builder available from?
When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?
When ES content is exported, an app with a .spl extension is automatically created. What is the best practice when exporting and importing updates to ES content?
Which settings indicated that the correlation search will be executed as new events are indexed?
Where is it possible to export content, such as correlation searches, from ES?
What feature of Enterprise Security downloads threat intelligence data from a web server?
After data is ingested, which data management step is essential to ensure raw data can be accelerated by a Data Model and used by ES?

Question 61

Report
Export
Collapse

Which of the following is a Web Intelligence dashboard?

A.
Network Center
A.
Network Center
Answers
B.
Endpoint Center
B.
Endpoint Center
Answers
C.
HTTP Category Analysis
C.
HTTP Category Analysis
Answers
D.
stream :http Protocol dashboard
D.
stream :http Protocol dashboard
Answers
Suggested answer: C

Question 62

Report
Export
Collapse

Which of the following is an adaptive action that is configured by default for ES?

A.
Create notable event
A.
Create notable event
Answers
B.
Create new correlation search
B.
Create new correlation search
Answers
C.
Create investigation
C.
Create investigation
Answers
D.
Create new asset
D.
Create new asset
Answers
Suggested answer: A

Question 63

Report
Export
Collapse

Which of the following are the default ports that must be configured for Splunk Enterprise Security to function?

A.
SplunkWeb (8068), Splunk Management (8089), KV Store (8000)
A.
SplunkWeb (8068), Splunk Management (8089), KV Store (8000)
Answers
B.
SplunkWeb (8390), Splunk Management (8323), KV Store (8672)
B.
SplunkWeb (8390), Splunk Management (8323), KV Store (8672)
Answers
C.
SplunkWeb (8000), Splunk Management (8089), KV Store (8191)
C.
SplunkWeb (8000), Splunk Management (8089), KV Store (8191)
Answers
D.
SplunkWeb (8043), Splunk Management (8088), KV Store (8191)
D.
SplunkWeb (8043), Splunk Management (8088), KV Store (8191)
Answers
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/SecureSplunkonyournetwork

Question 64

Report
Export
Collapse

Which tool Is used to update indexers In E5?

A.
Index Updater
A.
Index Updater
Answers
B.
Distributed Configuration Management
B.
Distributed Configuration Management
Answers
C.
indexes.conf
C.
indexes.conf
Answers
D.
Splunk_TA_ForIndexeres. spl
D.
Splunk_TA_ForIndexeres. spl
Answers
Suggested answer: B

Question 65

Report
Export
Collapse

Which of the following actions may be necessary before installing ES?

A.
Redirect distributed search connections.
A.
Redirect distributed search connections.
Answers
B.
Purge KV Store.
B.
Purge KV Store.
Answers
C.
Add additional indexers.
C.
Add additional indexers.
Answers
D.
Add additional forwarders.
D.
Add additional forwarders.
Answers
Suggested answer: C

Question 66

Report
Export
Collapse

When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?

A.
indexes.conf, props.conf, transforms.conf
A.
indexes.conf, props.conf, transforms.conf
Answers
B.
web.conf, props.conf, transforms.conf
B.
web.conf, props.conf, transforms.conf
Answers
C.
inputs.conf, props.conf, transforms.conf
C.
inputs.conf, props.conf, transforms.conf
Answers
D.
eventtypes.conf, indexes.conf, tags.conf
D.
eventtypes.conf, indexes.conf, tags.conf
Answers
Suggested answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.4.1/Install/InstallTechnologyAdd-ons

Question 67

Report
Export
Collapse

Which of these Is a benefit of data normalization?

A.
Reports run faster because normalized data models can be optimized for better performance.
A.
Reports run faster because normalized data models can be optimized for better performance.
Answers
B.
Dashboards take longer to build.
B.
Dashboards take longer to build.
Answers
C.
Searches can be built no matter the specific source technology for a normalized data type.
C.
Searches can be built no matter the specific source technology for a normalized data type.
Answers
D.
Forwarder-based inputs are more efficient.
D.
Forwarder-based inputs are more efficient.
Answers
Suggested answer: A

Question 68

Report
Export
Collapse

Following the Installation of ES, an admin configured Leers with the ©ss_uso r role the ability to close notable events. How would the admin restrict these users from being able to change the status of Resolved notable events to closed?

A.
From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.
A.
From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.
Answers
B.
From the Status Configuration windows select the closed status. Remove ess_use r from the status transitions for the Resolved status.
B.
From the Status Configuration windows select the closed status. Remove ess_use r from the status transitions for the Resolved status.
Answers
C.
In Enterprise Security, give the ess_user role the own Notable Events permission.
C.
In Enterprise Security, give the ess_user role the own Notable Events permission.
Answers
D.
From Splunk Access Controls, select the ess_user role and remove the edit_notabie_events capability.
D.
From Splunk Access Controls, select the ess_user role and remove the edit_notabie_events capability.
Answers
Suggested answer: B

Question 69

Report
Export
Collapse

What is the bar across the bottom of any ES window?

A.
The Investigator Workbench.
A.
The Investigator Workbench.
Answers
B.
The Investigation Bar.
B.
The Investigation Bar.
Answers
C.
The Analyst Bar.
C.
The Analyst Bar.
Answers
D.
The Compliance Bar.
D.
The Compliance Bar.
Answers
Suggested answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.4.1/User/Startaninvestigation

Question 70

Report
Export
Collapse

Which lookup table does the Default Account Activity Detected correlation search use to flag known default accounts?

A.
Administrative Identities
A.
Administrative Identities
Answers
B.
Local User Intel
B.
Local User Intel
Answers
C.
Identities
C.
Identities
Answers
D.
Privileged Accounts
D.
Privileged Accounts
Answers
Suggested answer: C
Total 99 questions
Go to page: of 10
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms