
Splunk SPLK-3001 - Splunk Enterprise Security Certified Admin Exam

Total 99 questions

Which of the following is part of tuning correlation searches for a new ES installation?

A. Configuring correlation notable event index.
B. Configuring correlation permissions.
C. Configuring correlation adaptive responses.
D. Configuring correlation result storage.

How is notable event urgency calculated?

A. Asset priority and threat weight.
B. Alert severity found by the correlation search.
C. Asset or identity risk and severity found by the correlation search.
D. Severity set by the correlation search and priority assigned to the associated asset or identity.

Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?

A. A prefix of CIM_
B. A suffix of .spl
C. A prefix of TECH_
D. A prefix of Splunk_TA_

An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?

A. Index consistency.
B. Data integrity control.
C. Indexer acknowledgement.
D. Index access permissions.

Where is it possible to export content, such as correlation searches, from ES?

A. Content exporter
B. Configure -> Content Management
C. Export content dashboard
D. Settings Menu -> ES -> Export

Which of these is a benefit of data normalization?

A. Reports run faster because normalized data models can be optimized for better performance.
B. Dashboards take longer to build.
C. Searches can be built no matter the specific source technology for a normalized data type.
D. Forwarder-based inputs are more efficient.

ES apps and add-ons from $SPLUNK_HOME/etc/apps should be copied from the staging instance to what location on the cluster deployer instance?

A. $SPLUNK_HOME/etc/master-apps/
B. $SPLUNK_HOME/etc/system/local/
C. $SPLUNK_HOME/etc/shcluster/apps
D. $SPLUNK_HOME/var/run/searchpeers/

Where is detailed information about identities stored?

A. The Identity Investigator index.
B. The Access Anomalies collection.
C. The User Activity index.
D. The Identity Lookup CSV file.

Analysts have requested the ability to capture and analyze network traffic data. The administrator has researched the documentation and, based on this research, has decided to integrate the Splunk App for Stream with ES.

Which dashboards will now be supported so analysts can view and analyze network Stream data?

A. Endpoint dashboards.
B. User Intelligence dashboards.
C. Protocol Intelligence dashboards.
D. Web Intelligence dashboards.

Which of the following features can the Add-on Builder configure in a new add-on?

A. Expire data.
B. Normalize data.
C. Summarize data.
D. Translate data.