Splunk SPLK-3001 Exam Practice Test Instant Access

Question 1

Which two fields combine to create the Urgency of a notable event?

APriority and Severity.

BPriority and Criticality.

CCriticality and Severity.

DPrecedence and Time.

Answer : A

Question 2

Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?

ASecurity domains.

BThreat intel.

CAssets.

DDomains.

Answer : B

Question 3

A security manager has been working with the executive team en long-range security goals. A primary goal for the team Is to Improve managing user risk in the organization. Which of the following ES features can help identify users accessing inappropriate web sites?

AConfiguring the identities lookup with user details to enrich notable event Information for forensic analysis.

BMake sure the Authentication data model contains up-to-date events and is properly accelerated.

CConfiguring user and website watchlists so the User Activity dashboard will highlight unwanted user actions.

DUse the Access Anomalies dashboard to identify unusual protocols being used to access corporate sites.

Answer : C

Question 4

A newly built custom dashboard needs to be available to a team of security analysts In ES. How is It possible to Integrate the new dashboard?

AAdd links on the ES home page to the new dashboard.

BCreate a new role Inherited from es_analyst, make the dashboard permissions read-only, and make this dashboard the default view for the new role.

CSet the dashboard permissions to allow access by es_analysts and use the navigation editor to add it to the menu.

DAdd the dashboard to a custom add-in app and install it to ES using the Content Manager.

Answer : C

Question 5

Where should an ES search head be installed?

AOn a Splunk server with top level visibility.

BOn any Splunk server.

COn a server with a new install of Splunk.

DOn a Splunk server running Splunk DB Connect.

Answer : B

Question 6

What tools does the Risk Analysis dashboard provide?

AHigh risk threats.

BNotable event domains displayed by risk score.

CA display of the highest risk assets and identities.

DKey indicators showing the highest probability correlation searches in the environment.

Answer : C

Question 7

An administrator is provisioning one search head prior to installing ES. What are the reference minimum requirements for OS, CPU, and RAM for that machine?

AOS: 32 bit, RAM: 16 MB, CPU: 12 cores

BOS: 64 bit, RAM: 32 MB, CPU: 12 cores

COS: 64 bit, RAM: 12 MB, CPU: 16 cores

DOS: 64 bit, RAM: 32 MB, CPU: 16 cores

Answer : C

Splunk SPLK-3001 Splunk Enterprise Security Certified Admin Exam Practice Test