Splunk SPLK-3001 Practice Test - Questions Answers, Page 9
List of questions
Related questions
Question 81

Which of the following is part of tuning correlation searches for a new ES installation?
Question 82

A security manager has been working with the executive team en long-range security goals. A primary goal for the team Is to Improve managing user risk in the organization. Which of the following ES features can help identify users accessing inappropriate web sites?
Question 83

How is it possible to specify an alternate location for accelerated storage?
Question 84

When installing Enterprise Security, what should be done after installing the add-ons necessary for normalizing data?
Question 85

Accelerated data requires approximately how many times the daily data volume of additional storage space per year?
Question 86

What can be exported from ES using the Content Management page?
Question 87

Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events.
How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?
Question 88

A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and they have already been tuned to weed out false positives.
Which of the following options is most likely to help performance?
Question 89

What should be used to map a non-standard field name to a CIM field name?
Question 90

Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?
Question