What does the summariesonly=true option do for a correlation search?
A. Searches only accelerated data.
B. Forwards summary indexes to the indexing tier.
C. Uses a default summary time range.
D. Searches summary indexes only.
Both "Recommended Actions" and "Adaptive Response Actions" use adaptive response.
How do they differ?
A. Recommended Actions show a textual description to an analyst, Adaptive Response Actions show them encoded.
B. Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run them automatically.
C. Recommended Actions show a list of Adaptive Responses that have already been run, Adaptive Response Actions run them automatically.
D. Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run manually with analyst intervention.
When investigating, what is the best way to store a newly-found IOC?
A. Paste it into Notepad.
B. Click the "Add IOC" button.
C. Click the "Add Artifact" button.
D. Add it in a text note to the investigation.
How should an administrator add a new lookup through the ES app?
A. Upload the lookup file in Settings -> Lookups -> Lookup Definitions
B. Upload the lookup file in Settings -> Lookups -> Lookup table files
C. Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups
D. Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup
"10.22.63.159", "websvr4", and "00:26:08:18:CF:1D" would be matched against what in ES?
A. A user.
B. A device.
C. An asset.
D. An identity.
In order to include an eventtype in a data model node, what is the next step after extracting the correct fields?
A. Save the settings.
B. Apply the correct tags.
C. Run the correct search.
D. Visit the CIM dashboard.
When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?
A. indexes.conf, props.conf, transforms.conf
B. web.conf, props.conf, transforms.conf
C. inputs.conf, props.conf, transforms.conf
D. eventtypes.conf, indexes.conf, tags.conf
Which feature contains scenarios that are useful during ES Implementation?
A. Use Case Library
B. Correlation Searches
C. Predictive Analytics
D. Adaptive Responses
Which indexes are searched by default for CIM data models?
A. notable and default
B. summary and notable
C. _internal and summary
D. All indexes
Analysts have requested the ability to capture and analyze network traffic data. The administrator has researched the documentation and, based on this research, has decided to integrate the Splunk App for Stream with ES.
Which dashboards will now be supported so analysts can view and analyze network Stream data?
A. Endpoint dashboards.
B. User Intelligence dashboards.
C. Protocol Intelligence dashboards.
D. Web Intelligence dashboards.