SPLK-3001 by Splunk Actual Free Exam Questions And Answers

Question 1

Which of the following is part of tuning correlation searches for a new ES installation?

A. Configuring correlation permissions.

B. Configuring correlation adaptive responses.

C. Configuring correlation notable event index.

D. Configuring correlation result storage.

Discussion 0

Correct Answer: B Vote an answer

Question 2

Which of the following is a risk of using the Auto Deployment feature of Distributed Configuration Management to distribute indexes.conf?

A. Indexers might crash.

B. Indexers might not be reachable.

C. Indexers have different settings.

D. Indexers might be processing.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

Which feature contains scenarios that are useful during ES implementation?

A. Predictive Analytics

B. Correlation Searches

C. Use Case Library

D. Adaptive Responses

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

Which of the following are the default ports that must be configured for Splunk Enterprise Security to function?

A. SplunkWeb (8429), Splunk Management (8060), KV Store (8078)

B. SplunkWeb (8000), Splunk Management (8089), KV Store (8191)

C. SplunkWeb (8088), Splunk Management (8089), KV Store (8000)

D. SplunkWeb (8043), Splunk Management (8088), KV Store (8191)

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

A newly built custom dashboard needs to be available to a team of security analysts in ES.
How is it possible to integrate the new dashboard?

A. Add the dashboard to a custom add-in app and install it to ES using the Content Manager.

B. Create a new role inherited from es_analyst, make the dashboard permissions read-only, and make this dashboard the default view for the new role.

C. Add links on the ES home page to the new dashboard.

D. Set the dashboard permissions to allow access by es_analysts and use the navigation editor to add it to the menu.

Discussion 0

Correct Answer: D Vote an answer

Question 6

Which indexes are searched by default for CIM data models?

A. summary and notable

B. _internal and summary

C. All indexes

D. notable and default

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

Which of the following is an adaptive action that is configured by default for ES?

A. Create new correlation search

B. Create investigation

C. Create notable event

D. Create new asset

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 8

Both 'Recommended Actions' and 'Adaptive Response Actions' use adaptive response. How do they differ?

A. Recommended Actions show a textual description to an analyst, Adaptive Response Actions show them encoded.

B. Recommended Actions show a list of Adaptive Responses that have already been run, Adaptive Response Actions run them automatically.

C. Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run them automatically.

D. Recommended Actions show a list of Adaptive Resposes to an analyst, Adaptive Response Actions run manually with analyst intervention.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

An administrator is asked to configure an 'Nslookup' adaptive response action, so that it appears as a selectable option in the notable event's action menu when an analyst is working in the Incident Review dashboard.
What steps would the administrator take to configure this option?

A. Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup

B. Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup

C. Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup

D. Configure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup

Discussion 0

Correct Answer: B Vote an answer

Splunk Enterprise Security Certified Admin - SPLK-3001 Exam Practice Test

Contact Us

Useful Links

Latest Updated