What is the bar across the bottom of any ES window?
A. The Investigator Workbench.
B. The Investigation Bar.
C. The Analyst Bar.
D. The Compliance Bar.
Where is detailed information about identities stored?
A. The Identity Investigator index.
B. The Access Anomalies collection.
C. The User Activity index.
D. The Identity Lookup CSV file.
A set of correlation searches is enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives.
What is a solution for this issue?
A. Suppress notable events from that correlation search.
B. Disable acceleration for the correlation search to reduce storage requirements.
C. Modify the correlation schedule and sensitivity for your site.
D. Change the correlation search's default status and severity.
Where is it possible to export content, such as correlation searches, from ES?
A. Content exporter
B. Configure -> Content Management
C. Export content dashboard
D. Settings Menu -> ES -> Export
Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?
A. Lookup searches.
B. Summarized data.
C. Security metrics.
D. Metrics store searches.
How should an administrator add a new lookup through the ES app?
A. Upload the lookup file in Settings -> Lookups -> Lookup Definitions
B. Upload the lookup file in Settings -> Lookups -> Lookup table files
C. Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups
D. Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup
Which argument to the | tstats command restricts the search to summarized data only?
A. summaries=t
B. summaries=all
C. summariesonly=t
D. summariesonly=all
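A worked search for the tstats argument asked about above, added here as an example and not taken from the exam page. It assumes a Splunk ES deployment in which the CIM Authentication data model is accelerated; the data model and field names are the standard CIM ones, while the failure threshold of 20 is an arbitrary assumption for illustration.

```spl
| tstats summariesonly=t count AS failures
    from datamodel=Authentication.Authentication
    where Authentication.action="failure"
    by Authentication.src, Authentication.user
| where failures > 20
| sort - failures
```

With summariesonly=t the search reads only the accelerated summaries, so it is fast and cheap enough to run on a correlation-search schedule, but it silently returns nothing for any time range, index or sourcetype that has not yet been summarized (the most recent few minutes, and anything ingested before acceleration was enabled). Before relying on it in a correlation search, run the same tstats with summariesonly=f (the default, which falls back to the raw events for the gaps) over the same time range and compare the totals; a large difference means the summaries are incomplete and the summariesonly version will under-report.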
The option to create a Short ID for a notable event is located where?
A. The Additional Fields.
B. The Event Details.
C. The Contributing Events.
D. The Description.
Which of the following is part of tuning correlation searches for a new ES installation?
A. Configuring correlation notable event index.
B. Configuring correlation permissions.
C. Configuring correlation adaptive responses.
D. Configuring correlation result storage.
To which of the following should the ES application be uploaded?
A. The indexer.
B. The KV Store.
C. The search head.
D. The dedicated forwarder.