Splunk SPLK-3001 Practice Test - Questions Answers, Page 9

A security manager has been working with the executive team en long-range security goals. A primary goal for the team Is to Improve managing user risk in the organization. Which of the following ES features can help identify users accessing inappropriate web sites?

How is it possible to specify an alternate location for accelerated storage?

When installing Enterprise Security, what should be done after installing the add-ons necessary for normalizing data?

Accelerated data requires approximately how many times the daily data volume of additional storage space per year?

What can be exported from ES using the Content Management page?

Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events.

How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?

A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and they have already been tuned to weed out false positives.

Which of the following options is most likely to help performance?

What should be used to map a non-standard field name to a CIM field name?

Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?