Professional Documents
Culture Documents
Splunk Enterprise Security Certified Admin SPLK 3001 Dumps V10.02 DumpsBase PDF
Splunk Enterprise Security Certified Admin SPLK 3001 Dumps V10.02 DumpsBase PDF
BASE
EXAM DUMPS
SPLUNK
SPLK-3001
28% OFF Automatically For You
2. In order to include an eventtype in a data model node, what is the next step after
extracting the correct fields?
e
as
A. Save the settings.
B
ps
B. Apply the correct tags.
um
C. Run the correct search.
D
2
.0
D. Visit the CIM dashboard.
10
V
Answer: C
ps
Explanation:
um
D
Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonor
001
malizeOSSECdata
-3
LK
P
S
in
dm
3. A site has a single existing search head which hosts a mix of both CIM and non-
A
ed
CIM compliant applications. All of the applications are mission-critical. The customer
fi
ti
er
C. Increase the number of CPUs and amount of memory on the search head, then
er
nt
install ES.
E
k
D. Delete the non-CIM-compliant apps from the search head, then install ES.
un
pl
Answer: B
S
Explanation:
Reference: https://www.splunk.com/pdfs/technical-briefs/splunk-validated-
architectures.pdf
6. A security manager has been working with the executive team en long-range
security goals. A primary goal for the team Is to Improve managing user risk in the
e
as
organization .
B
ps
Which of the following ES features can help identify users accessing inappropriate
um
web sites?
D
2
.0
A. Configuring the identities lookup with user details to enrich notable event
10
V
Information for forensic analysis.
ps
B. Make sure the Authentication data model contains up-to-date events and is
um
D
properly accelerated.
001
C. Configuring user and website watchlists so the User Activity dashboard will
-3
LK
D. Use the Access Anomalies dashboard to identify unusual protocols being used to
in
dm
Answer: C
fi
ti
er
C
y
it
ur
Answer: A
Explanation:
Reference:
https://docs.splunk.com/Documentation/ES/6.4.1/Install/InstallTechnologyAdd-ons
9. When creating custom correlation searches, what format is used to embed field
values in the title, description, and drill-down fields of a notable event?
A. $fieldname$
B. “fieldname”
C. %fieldname%
e
as
D. _fieldname_
B
ps
Answer: A
um
Explanation:
D
2
.0
Reference:
10
V
https://docs.splunk.com/Documentation/ITSI/4.4.2/Configure/Createcorrelationsearch
ps
um
D
001
A. Install ES.
P
S
Answer: D
C
y
it
ur
ec
S
analysts In ES .
er
nt
B. Create a new role Inherited from es_analyst, make the dashboard permissions
S
read-only, and make this dashboard the default view for the new role.
C. Set the dashboard permissions to allow access by es_analysts and use the
navigation editor to add it to the menu.
D. Add the dashboard to a custom add-in app and install it to ES using the Content
Manager.
Answer: B
e
as
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/Indexes
B
ps
um
D
2
.0
14. What kind of value is in the red box in this picture?
10
V
ps
um
D
001
-3
LK
P
S
in
dm
A
ed
fi
ti
er
C
y
it
ur
ec
S
e
is
pr
er
nt
E
k
un
pl
S
A. A risk score.
B. A source ranking.
C. An event priority.
D. An IP address rating.
Answer: A
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/Formateventsf
orHTTPEventCollector
15. Which indexes are searched by default for CIM data models?
A. notable and default
B. summary and notable
C. _internal and summary
D. All indexes
Answer: D
Explanation:
Reference: https://answers.splunk.com/answers/600354/indexes-searched-by-cim-
data-models.html
16. The Add-On Builder creates Splunk Apps that start with what?
A. DA-
e
as
B. SA-
B
ps
C. TA-
um
D. App-
D
2
.0
Answer: C
10
V
Explanation:
ps
Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/ab
um
D
outtheessolution/
001
-3
LK
P
S
Answer: B
ec
S
Explanation:
e
is
pr
Reference:
er
nt
https://docs.splunk.com/Documentation/ES/6.4.1/User/Startaninvestigation
E
k
un
pl
S
18. Glass tables can display static images and text, the results of ad-hoc searches,
and which of the following objects?
A. Lookup searches.
B. Summarized data.
C. Security metrics.
D. Metrics store searches.
Answer: C
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/CreateGlassTable
19. The option to create a Short ID for a notable event is located where?
A. The Additional Fields.
B. The Event Details.
C. The Contributing Events.
D. The Description.
Answer: B
Explanation:
https://docs.splunk.com/Documentation/ES/6.4.1/User/Takeactiononanotableevent
20. Which argument to the | tstats command restricts the search to summarized data
only?
e
as
A. summaries=t
B
ps
B. summaries=all
um
C. summariesonly=t
D
2
.0
D. summariesonly=all
10
V
Answer: C
ps
Explanation:
um
D
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Accelera
001
tedatamodels
-3
LK
P
S
in
dm
21. Which of the following steps will make the Threat Activity dashboard the default
A
ed
A. From the Edit Navigation page, drag and drop the Threat Activity view to the top of
C
y
the page.
it
ur
B. From the Preferences menu for the user, select Enterprise Security as the default
ec
S
application.
e
is
pr
C. From the Edit Navigation page, click the 'Set this as the default view" checkmark
er
nt
D. Edit the Threat Activity view settings and checkmark the Default View option.
un
pl
Answer: C
S
e
as
C. Settings -> User Interface -> Navigation -> Click on “Enterprise Security”
B
ps
D. Settings -> User Interface -> Navigation Menus -> Click on “default” next to
um
SplunkEnterpriseSecuritySuite
D
2
.0
Answer: B
10
V
Explanation:
ps
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Customizemenub
um
D
ar#Restore_the_default_navigation
001
-3
LK
P
S
25. Which setting is used in indexes.conf to specify alternate locations for accelerated
in
dm
storage?
A
ed
A. thawedPath
fi
ti
er
B. tstatsHomePath
C
y
C. summaryHomePath
it
ur
D. warmToColdScript
ec
S
Answer: B
e
is
pr
Explanation:
er
nt
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Accelera
E
k
tedatamodels
un
pl
S
26. A customer site is experiencing poor performance. The UI response time is high
and searches take a very long time to run. Some operations time out and there are
errors in the scheduler logs, indicating too many concurrent searches are being
started. 6 total correlation searches are scheduled and they have already been tuned
to weed out false positives.
Which of the following options is most likely to help performance?
A. Change the search heads to do local indexing of summary searches.
B. Add heavy forwarders between the universal forwarders and indexers so inputs
can be parsed before indexing.
C. Increase memory and CPUs on the search head(s) and add additional indexers.
D. If indexed realtime search is enabled, disable it for the notable index.
Answer: C
e
as
https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallEnterpriseSecuritySHC
B
ps
um
D
2
.0
28. Which of these Is a benefit of data normalization?
10
V
A. Reports run faster because normalized data models can be optimized for better
ps
performance.
um
D
B. Dashboards take longer to build.
001
C. Searches can be built no matter the specific source technology for a normalized
-3
LK
data type.
P
S
Answer: A
A
ed
fi
ti
er
C
y
29. If a username does not match the ‘identity’ column in the identities list, which
it
ur
A. Email.
e
is
pr
B. Nickname
er
nt
C. IP address.
E
k
Answer: A
S
GET FULL VERSION OF SPLK-3001 DUMPS