Splunk SPLK-3001 Exam Practice Test Instant Access

Question 1

How is it possible to specify an alternate location for accelerated storage?

AConfigure storage optimization settings for the index.

BUpdate the Home Path setting in indexes, conf

CUse the tstatsHomePath setting in props, conf

DUse the tstatsHomePath Setting in indexes, conf

Answer : C

Question 2

Which of the following is a Web Intelligence dashboard?

ANetwork Center

BEndpoint Center

CHTTP Category Analysis

Dstream :http Protocol dashboard

Answer : C

Question 3

What is the default schedule for accelerating ES Datamodels?

A1 minute

B5 minutes

C15 minutes

D1 hour

Answer : B

Question 4

What is the first step when preparing to install ES?

AInstall ES.

BDetermine the data sources used.

CDetermine the hardware required.

DDetermine the size and scope of installation.

Answer : D

Question 5

An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?

AIndex consistency.

BData integrity control.

CIndexer acknowledgement.

DIndex access permissions.

Answer : B

the.html

Question 6

Which of the following actions can improve overall search performance?

ADisable indexed real-time search.

BIncrease priority of all correlation searches.

CReduce the frequency (schedule) of lower-priority correlation searches.

DAdd notable event suppressions for correlation searches with high numbers of false positives.

Answer : A

Question 7

The Brute Force Access Behavior Detected correlation search is enabled, and is generating many false positives. Assuming the input data has already been validated. How can the correlation search be made less sensitive?

AEdit the search and modify the notable event status field to make the notable events less urgent.

BEdit the search, look for where or xswhere statements, and after the threshold value being compared to make it less common match.

CEdit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a more common match.

DModify the urgency table for this correlation search and add a new severity level to make notable events from this search less urgent.

Answer : B

Splunk SPLK-3001 Splunk Enterprise Security Certified Admin Exam Practice Test