Summer Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

SPLK-3001 Sample Questions Answers

Questions 4

Who can delete an investigation?

Options:

A.

ess_admin users only.

B.

The investigation owner only.

C.

The investigation owner and ess-admin.

D.

The investigation owner and collaborators.

Buy Now
Questions 5

Which of the following is a key feature of a glass table?

Options:

A.

Rigidity.

B.

Customization.

C.

Interactive investigations.

D.

Strong data for later retrieval.

Buy Now
Questions 6

A set of correlation searches are enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives.

What is a solution for this issue?

Options:

A.

Suppress notable events from that correlation search.

B.

Disable acceleration for the correlation search to reduce storage requirements.

C.

Modify the correlation schedule and sensitivity for your site.

D.

Change the correlation search's default status and severity.

Buy Now
Questions 7

An administrator is asked to configure an “Nslookup” adaptive response action, so that it appears as a selectable option in the notable event’s action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?

Options:

A.

Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup

B.

Configure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup

C.

Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup

D.

Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup

Buy Now
Questions 8

An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?

Options:

A.

Index consistency.

B.

Data integrity control.

C.

Indexer acknowledgement.

D.

Index access permissions.

Buy Now
Questions 9

After data is ingested, which data management step is essential to ensure raw data can be accelerated by a Data Model and used by ES?

Options:

A.

Applying Tags.

B.

Normalization to Customer Standard.

C.

Normalization to the Splunk Common Information Model.

D.

Extracting Fields.

Buy Now
Questions 10

Which of the following steps will make the Threat Activity dashboard the default landing page in ES?

Options:

A.

From the Edit Navigation page, drag and drop the Threat Activity view to the top of the page.

B.

From the Preferences menu for the user, select Enterprise Security as the default application.

C.

From the Edit Navigation page, click the 'Set this as the default view" checkmark for Threat Activity.

D.

Edit the Threat Activity view settings and checkmark the Default View option.

Buy Now
Questions 11

How should an administrator add a new look up through the ES app?

Options:

A.

Upload the lookup file in Settings -> Lookups -> Lookup Definitions

B.

Upload the lookup file in Settings -> Lookups -> Lookup table files

C.

Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups

D.

Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup

Buy Now
Questions 12

What can be exported from ES using the Content Management page?

Options:

A.

Only correlation searches, managed lookups, and glass tables.

B.

Only correlation searches.

C.

Any content type listed in the Content Management page.

D.

Only correlation searches, glass tables, and workbench panels.

Buy Now
Questions 13

Which of the following are examples of sources for events in the endpoint security domain dashboards?

Options:

A.

REST API invocations.

B.

Investigation final results status.

C.

Workstations, notebooks, and point-of-sale systems.

D.

Lifecycle auditing of incidents, from assignment to resolution.

Buy Now
Questions 14

“10.22.63.159”, “websvr4”, and “00:26:08:18: CF:1D” would be matched against what in ES?

Options:

A.

A user.

B.

A device.

C.

An asset.

D.

An identity.

Buy Now
Questions 15

Analysts have requested the ability to capture and analyze network traffic data. The administrator has researched the documentation and, based on this research, has decided to integrate the Splunk App for Stream with ES.

Which dashboards will now be supported so analysts can view and analyze network Stream data?

Options:

A.

Endpoint dashboards.

B.

User Intelligence dashboards.

C.

Protocol Intelligence dashboards.

D.

Web Intelligence dashboards.

Buy Now
Questions 16

ES needs to be installed on a search head with which of the following options?

Options:

A.

No other apps.

B.

Any other apps installed.

C.

All apps removed except for TA-*.

D.

Only default built-in and CIM-compliant apps.

Buy Now
Questions 17

What kind of value is in the red box in this picture?

Options:

A.

A risk score.

B.

A source ranking.

C.

An event priority.

D.

An IP address rating.

Buy Now
Questions 18

How is it possible to navigate to the ES graphical Navigation Bar editor?

Options:

A.

Configure -> Navigation Menu

B.

Configure -> General -> Navigation

C.

Settings -> User Interface -> Navigation -> Click on “Enterprise Security”

D.

Settings -> User Interface -> Navigation Menus -> Click on “default” next to SplunkEnterpriseSecuritySuite

Buy Now
Questions 19

Which of the following threat intelligence types can ES download? (Choose all that apply)

Options:

A.

Text

B.

STIX/TAXII

C.

VulnScanSPL

D.

Splunk Enterprise Threat Generator

Buy Now
Questions 20

Where should an ES search head be installed?

Options:

A.

On a Splunk server with top level visibility.

B.

On any Splunk server.

C.

On a server with a new install of Splunk.

D.

On a Splunk server running Splunk DB Connect.

Buy Now
Questions 21

The Add-On Builder creates Splunk Apps that start with what?

Options:

A.

DA-

B.

SA-

C.

TA-

D.

App-

Buy Now
Questions 22

A newly built custom dashboard needs to be available to a team of security analysts In ES. How is It possible to Integrate the new dashboard?

Options:

A.

Add links on the ES home page to the new dashboard.

B.

Create a new role Inherited from es_analyst, make the dashboard permissions read-only, and make this dashboard the default view for the new role.

C.

Set the dashboard permissions to allow access by es_analysts and use the navigation editor to add it to the menu.

D.

Add the dashboard to a custom add-in app and install it to ES using the Content Manager.

Buy Now
Questions 23

If a username does not match the ‘identity’ column in the identities list, which column is checked next?

Options:

A.

Email.

B.

Nickname

C.

IP address.

D.

Combination of Last Name, First Name.

Buy Now
Questions 24

What role should be assigned to a security team member who will be taking ownership of notable events in the incident review dashboard?

Options:

A.

ess_user

B.

ess_admin

C.

ess_analyst

D.

ess_reviewer

Buy Now
Questions 25

To which of the following should the ES application be uploaded?

Options:

A.

The indexer.

B.

The KV Store.

C.

The search head.

D.

The dedicated forwarder.

Buy Now
Questions 26

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

Options:

A.

Lookup searches.

B.

Summarized data.

C.

Security metrics.

D.

Metrics store searches.

Buy Now
Questions 27

A security manager has been working with the executive team en long-range security goals. A primary goal for the team Is to Improve managing user risk in the organization. Which of the following ES features can help identify users accessing inappropriate web sites?

Options:

A.

Configuring the identities lookup with user details to enrich notable event Information for forensic analysis.

B.

Make sure the Authentication data model contains up-to-date events and is properly accelerated.

C.

Configuring user and website watchlists so the User Activity dashboard will highlight unwanted user actions.

D.

Use the Access Anomalies dashboard to identify unusual protocols being used to access corporate sites.

Buy Now
Questions 28

Which of the following is part of tuning correlation searches for a new ES installation?

Options:

A.

Configuring correlation notable event index.

B.

Configuring correlation permissions.

C.

Configuring correlation adaptive responses.

D.

Configuring correlation result storage.

Buy Now
Questions 29

Which indexes are searched by default for CIM data models?

Options:

A.

notable and default

B.

summary and notable

C.

_internal and summary

D.

All indexes

Buy Now
Exam Code: SPLK-3001
Exam Name: Splunk Enterprise Security Certified Admin Exam
Last Update: Jun 9, 2024
Questions: 99
$64  $159.99
$48  $119.99
$40  $99.99
buy now SPLK-3001