Splunk SPLK-3001 Exam Practice Test Instant Access

Question 1

Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?

ASecurity domains.

BThreat intel.

CAssets.

DDomains.

Answer : B

Question 2

When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?

Aindexes.conf, props.conf, transforms.conf

Bweb.conf, props.conf, transforms.conf

Cinputs.conf, props.conf, transforms.conf

Deventtypes.conf, indexes.conf, tags.conf

Answer : A

Question 3

Which of the following actions may be necessary before installing ES?

ARedirect distributed search connections.

BPurge KV Store.

CAdd additional indexers.

DAdd additional forwarders.

Answer : C

Question 4

Which tool Is used to update indexers In E5?

AIndex Updater

BDistributed Configuration Management

Cindexes.conf

DSplunk_TA_ForIndexeres. spl

Answer : B

Question 5

Which of the following are the default ports that must be configured for Splunk Enterprise Security to function?

ASplunkWeb (8068), Splunk Management (8089), KV Store (8000)

BSplunkWeb (8390), Splunk Management (8323), KV Store (8672)

CSplunkWeb (8000), Splunk Management (8089), KV Store (8191)

DSplunkWeb (8043), Splunk Management (8088), KV Store (8191)

Answer : C

https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/SecureSplunkonyournetwork

Question 6

Which of the following is an adaptive action that is configured by default for ES?

ACreate notable event

BCreate new correlation search

CCreate investigation

DCreate new asset

Answer : A

Question 7

Which of the following is a Web Intelligence dashboard?

ANetwork Center

BEndpoint Center

CHTTP Category Analysis

Dstream :http Protocol dashboard

Answer : C

Splunk SPLK-3001 Splunk Enterprise Security Certified Admin Exam Practice Test