Splunk SPLK-3001 Practice Test - Questions Answers, Page 9


Which of the following is part of tuning correlation searches for a new ES installation?

A. Configuring correlation notable event index.
B. Configuring correlation permissions.
C. Configuring correlation adaptive responses.
D. Configuring correlation result storage.
Suggested answer: A

A security manager has been working with the executive team on long-range security goals. A primary goal for the team is to improve the management of user risk in the organization. Which of the following ES features can help identify users accessing inappropriate web sites?

A. Configuring the identities lookup with user details to enrich notable event information for forensic analysis.
B. Make sure the Authentication data model contains up-to-date events and is properly accelerated.
C. Configuring user and website watchlists so the User Activity dashboard will highlight unwanted user actions.
D. Use the Access Anomalies dashboard to identify unusual protocols being used to access corporate sites.
Suggested answer: C

How is it possible to specify an alternate location for accelerated storage?

A. Configure storage optimization settings for the index.
B. Update the homePath setting in indexes.conf.
C. Use the tstatsHomePath setting in props.conf.
D. Use the tstatsHomePath setting in indexes.conf.
Suggested answer: C

When installing Enterprise Security, what should be done after installing the add-ons necessary for normalizing data?

A. Configure the add-ons according to their README or documentation.
B. Disable the add-ons until they are ready to be used, then enable the add-ons.
C. Nothing, there are no additional steps for add-ons.
D. Configure the add-ons via the Content Management dashboard.
Suggested answer: A

Accelerated data requires approximately how many times the daily data volume of additional storage space per year?

A. 3.4
B. 5.7
C. 1.0
D. 2.5
Suggested answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.4.1/Install/Datamodels

What can be exported from ES using the Content Management page?

A. Only correlation searches, managed lookups, and glass tables.
B. Only correlation searches.
C. Any content type listed in the Content Management page.
D. Only correlation searches, glass tables, and workbench panels.
Suggested answer: C

Explanation:

Reference:

https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Export#:~:text=as%20an%20app-,Export%20content%20from%20Splunk%20Enterprise%20Security%20as,from%20the%20Content%20Management%20page.&text=You%20can%20export%20any%20type,%2C%20data%20models%2C%20and%20views.

Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events.

How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?

A. In Enterprise Security, give the ess_user role the Own Notable Events permission.
B. From the Status Configuration window select the Closed status. Remove ess_user from the status transitions for the Resolved status.
C. From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the Closed status.
D. From Splunk Access Controls, select the ess_user role and remove the edit_notable_events capability.
Suggested answer: C

A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out, and there are errors in the scheduler logs indicating that too many concurrent searches are being started. 6 correlation searches in total are scheduled, and they have already been tuned to weed out false positives.

Which of the following options is most likely to help performance?

A. Change the search heads to do local indexing of summary searches.
B. Add heavy forwarders between the universal forwarders and indexers so inputs can be parsed before indexing.
C. Increase memory and CPUs on the search head(s) and add additional indexers.
D. If indexed real-time search is enabled, disable it for the notable index.
Suggested answer: C

What should be used to map a non-standard field name to a CIM field name?

A. Field alias.
B. Search-time extraction.
C. Tag.
D. Eventtype.
Suggested answer: A

Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?

A. Security domains.
B. Threat intel.
C. Assets.
D. Domains.
Suggested answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Manageinternallookups

Total 99 questions