Splunk SPLK-3001 Exam Practice Test Instant Access

Question 1

Which columns in the Assets lookup are used to identify an asset in an event?

Asrc, dvc, dest

Bcidr, port, netbios, saml

Cip, mac, dns, nt_host

Dhost, hostname, url, address

Answer : C

Question 2

Which two fields combine to create the Urgency of a notable event?

APriority and Severity.

BPriority and Criticality.

CCriticality and Severity.

DPrecedence and Time.

Answer : A

Question 3

A security manager has been working with the executive team en long-range security goals. A primary goal for the team Is to Improve managing user risk in the organization. Which of the following ES features can help identify users accessing inappropriate web sites?

AConfiguring the identities lookup with user details to enrich notable event Information for forensic analysis.

BMake sure the Authentication data model contains up-to-date events and is properly accelerated.

CConfiguring user and website watchlists so the User Activity dashboard will highlight unwanted user actions.

DUse the Access Anomalies dashboard to identify unusual protocols being used to access corporate sites.

Answer : C

Question 4

A newly built custom dashboard needs to be available to a team of security analysts In ES. How is It possible to Integrate the new dashboard?

AAdd links on the ES home page to the new dashboard.

BCreate a new role Inherited from es_analyst, make the dashboard permissions read-only, and make this dashboard the default view for the new role.

CSet the dashboard permissions to allow access by es_analysts and use the navigation editor to add it to the menu.

DAdd the dashboard to a custom add-in app and install it to ES using the Content Manager.

Answer : C

Question 5

Where should an ES search head be installed?

AOn a Splunk server with top level visibility.

BOn any Splunk server.

COn a server with a new install of Splunk.

DOn a Splunk server running Splunk DB Connect.

Answer : B

Question 6

Which component normalizes events?

ASA-CIM.

BSA-Notable.

CES application.

DTechnology add-on.

Answer : A

Question 7

Which of the following ES features would a security analyst use while investigating a network anomaly notable?

ACorrelation editor.

BKey indicator search.

CThreat download dashboard.

DProtocol intelligence dashboard.

Answer : D

Splunk SPLK-3001 Splunk Enterprise Security Certified Admin Exam Practice Test