ExamGecko

Splunk SPLK-3001 Practice Test - Questions Answers, Page 8


Where should an ES search head be installed?

A. On a Splunk server with top level visibility.
B. On any Splunk server.
C. On a server with a new install of Splunk.
D. On a Splunk server running Splunk DB Connect.
Suggested answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Export

A newly built custom dashboard needs to be available to a team of security analysts in ES. How is it possible to integrate the new dashboard?

A. Add links on the ES home page to the new dashboard.
B. Create a new role inherited from es_analyst, make the dashboard permissions read-only, and make this dashboard the default view for the new role.
C. Set the dashboard permissions to allow access by es_analysts and use the navigation editor to add it to the menu.
D. Add the dashboard to a custom add-in app and install it to ES using the Content Manager.
Suggested answer: C

Analysts have requested the ability to capture and analyze network traffic data. The administrator has researched the documentation and, based on this research, has decided to integrate the Splunk App for Stream with ES.

Which dashboards will now be supported so analysts can view and analyze network Stream data?

A. Endpoint dashboards.
B. User Intelligence dashboards.
C. Protocol Intelligence dashboards.
D. Web Intelligence dashboards.
Suggested answer: C

Which of the following is a recommended pre-installation step?

A. Disable the default search app.
B. Configure search head forwarding.
C. Download the latest version of KV Store from MongoDB.com.
D. Install the latest Python distribution on the search head.
Suggested answer: B

Which feature contains scenarios that are useful during ES implementation?

A. Use Case Library
B. Correlation Searches
C. Predictive Analytics
D. Adaptive Responses
Suggested answer: B

Explanation:

Reference: https://www.splunk.com/pdfs/professional-services/2019/splunk-enterprise-securityimplementation-success.pdf

The option to create a Short ID for a notable event is located where?

A. The Additional Fields.
B. The Event Details.
C. The Contributing Events.
D. The Description.
Suggested answer: B

Explanation:

https://docs.splunk.com/Documentation/ES/6.4.1/User/Takeactiononanotableevent

After managing source types and extracting fields, which key step comes next in the Add-On Builder?

A. Validate and package
B. Configure data collection.
C. Create alert actions.
D. Map to data models.
Suggested answer: D

What is an example of an ES asset?

A. MAC address
B. User name
C. Server
D. People
Suggested answer: A

Which of the following steps will make the Threat Activity dashboard the default landing page in ES?

A. From the Edit Navigation page, drag and drop the Threat Activity view to the top of the page.
B. From the Preferences menu for the user, select Enterprise Security as the default application.
C. From the Edit Navigation page, click the "Set this as the default view" checkmark for Threat Activity.
D. Edit the Threat Activity view settings and checkmark the Default View option.
Suggested answer: C

What do threat gen searches produce?

A. Threat Intel in KV Store collections.
B. Threat correlation searches.
C. Threat notables in the notable index.
D. Events in the threat_activity index.
Suggested answer: D

Explanation:

https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Createthreatmatchspecs

Total 99 questions