Splunk SPLK-3001 - Splunk Enterprise Security Certified Admin Exam
Which of the following is part of tuning correlation searches for a new ES installation?
How is notable event urgency calculated?
Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?
An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?
Where is it possible to export content, such as correlation searches, from ES?
Which of these is a benefit of data normalization?
ES apps and add-ons from $SPLUNK_HOME/etc/apps should be copied from the staging instance to what location on the cluster deployer instance?
Where is detailed information about identities stored?
Analysts have requested the ability to capture and analyze network traffic data. The administrator has researched the documentation and, based on this research, has decided to integrate the Splunk App for Stream with ES.
Which dashboards will now be supported so analysts can view and analyze network Stream data?
Which of the following features can the Add-on Builder configure in a new add-on?