
SPLK-3001 Questions and Answers

Question # 6

Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?

A. Security domains.
B. Threat intel.
C. Assets.
D. Domains.

Question # 7

Both "Recommended Actions" and "Adaptive Response Actions" use adaptive response. How do they differ?

A. Recommended Actions show a textual description to an analyst, Adaptive Response Actions show them encoded.
B. Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run them automatically.
C. Recommended Actions show a list of Adaptive Responses that have already been run, Adaptive Response Actions run them automatically.
D. Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run manually with analyst intervention.

Question # 8

What feature of Enterprise Security downloads threat intelligence data from a web server?

A. Threat Service Manager
B. Threat Download Manager
C. Threat Intelligence Parser
D. Threat Intelligence Enforcement

Question # 9

How is notable event urgency calculated?

A. Asset priority and threat weight.
B. Alert severity found by the correlation search.
C. Asset or identity risk and severity found by the correlation search.
D. Severity set by the correlation search and priority assigned to the associated asset or identity.

Question # 10

What do threat gen searches produce?

A. Threat Intel in KV Store collections.
B. Threat correlation searches.
C. Threat notables in the notable index.
D. Events in the threat activity index.

Question # 11

What does the risk framework add to an object (user, server or other type) to indicate increased risk?

A. An urgency.
B. A risk profile.
C. An aggregation.
D. A numeric score.

Question # 12

Which of the following is a risk of using the Auto Deployment feature of Distributed Configuration Management to distribute indexes.conf?

A. Indexes might crash.
B. Indexes might be processing.
C. Indexes might not be reachable.
D. Indexes have different settings.

Question # 13

A set of correlation searches are enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives.

What is a solution for this issue?

A. Suppress notable events from that correlation search.
B. Disable acceleration for the correlation search to reduce storage requirements.
C. Modify the correlation schedule and sensitivity for your site.
D. Change the correlation search's default status and severity.

Question # 14

Where is detailed information about identities stored?

A. The Identity Investigator index.
B. The Access Anomalies collection.
C. The User Activity index.
D. The Identity Lookup CSV file.

Question # 15

Which tool is used to update indexers in ES?

A. Index Updater
B. Distributed Configuration Management
C. indexes.conf
D. Splunk_TA_ForIndexers.spl

Question # 16

Which component normalizes events?

A. SA-CIM.
B. SA-Notable.
C. ES application.
D. Technology add-on.

Question # 17

What is the main purpose of the Dashboard Requirements Matrix document?

A. Identifies on which data model(s) each dashboard depends.
B. Provides instructions for customizing each dashboard for local data models.
C. Identifies the searches used by the dashboards.
D. Identifies which data model(s) depend on each dashboard.

Question # 18

An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?

A. Index consistency.
B. Data integrity control.
C. Indexer acknowledgement.
D. Index access permissions.

Question # 19

Which of the following are data models used by ES? (Choose all that apply)

A. Web
B. Anomalies
C. Authentication
D. Network Traffic

Question # 20

Which column in the Asset or Identity list is combined with event severity to make a notable event's urgency?

A. VIP
B. Priority
C. Importance
D. Criticality

Question # 21

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

A. Lookup searches.
B. Summarized data.
C. Security metrics.
D. Metrics store searches.

Question # 22

Which data model populates the panels on the Risk Analysis dashboard?

A. Risk
B. Audit
C. Domain analysis
D. Threat intelligence

Question # 23

An administrator is provisioning one search head prior to installing ES. What are the reference minimum requirements for OS, CPU, and RAM for that machine?

A. OS: 32 bit, RAM: 16 MB, CPU: 12 cores
B. OS: 64 bit, RAM: 32 MB, CPU: 12 cores
C. OS: 64 bit, RAM: 12 MB, CPU: 16 cores
D. OS: 64 bit, RAM: 32 MB, CPU: 16 cores

Question # 24

Which feature contains scenarios that are useful during ES implementation?

A. Use Case Library
B. Correlation Searches
C. Predictive Analytics
D. Adaptive Responses

Question # 25

Where should an ES search head be installed?

A. On a Splunk server with top level visibility.
B. On any Splunk server.
C. On a server with a new install of Splunk.
D. On a Splunk server running Splunk DB Connect.

Question # 26

At what point in the ES installation process should Splunk_TA_ForIndexers.spl be deployed to the indexers?

A. When adding apps to the deployment server.
B. Splunk_TA_ForIndexers.spl is installed first.
C. After installing ES on the search head(s) and running the distributed configuration management tool.
D. Splunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the splunk apply cluster-bundle command.

Question # 27

What is the default schedule for accelerating ES data models?

A. 1 minute
B. 5 minutes
C. 15 minutes
D. 1 hour

Question # 28

Which of the following steps will make the Threat Activity dashboard the default landing page in ES?

A. From the Edit Navigation page, drag and drop the Threat Activity view to the top of the page.
B. From the Preferences menu for the user, select Enterprise Security as the default application.
C. From the Edit Navigation page, click the "Set this as the default view" checkmark for Threat Activity.
D. Edit the Threat Activity view settings and checkmark the Default View option.

Question # 29

Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events.

How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?

A. In Enterprise Security, give the ess_user role the Own Notable Events permission.
B. From the Status Configuration window select the Closed status. Remove ess_user from the status transitions for the Resolved status.
C. From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the Closed status.
D. From Splunk Access Controls, select the ess_user role and remove the edit_notable_events capability.