File Info
| Exam | Splunk Enterprise Security Certified Admin |
| Number | SPLK-3001 |
| File Name | Splunk.SPLK-3001.CertDumps.2024-08-02.65q.tqb |
| Size | 226 KB |
| Posted | Aug 02, 2024 |
| Download | Splunk.SPLK-3001.CertDumps.2024-08-02.65q.tqb |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Which of the following is an adaptive action that is configured by default for ES?
- Create notable event
- Create new correlation search
- Create investigation
- Create new asset
Correct answer: A
Question 2
Which of the following are the default ports that must be configured for Splunk Enterprise Security to function?
- SplunkWeb (8068), Splunk Management (8089), KV Store (8000)
- SplunkWeb (8390), Splunk Management (8323), KV Store (8672)
- SplunkWeb (8000), Splunk Management (8089), KV Store (8191)
- SplunkWeb (8043), Splunk Management (8088), KV Store (8191)
Correct answer: C
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/SecureSplunkonyournetwork https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/SecureSplunkonyournetwork
Question 3
A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and they have already been tuned to weed out false positives.
Which of the following options is most likely to help performance?
- Change the search heads to do local indexing of summary searches.
- Add heavy forwarders between the universal forwarders and indexers so inputs can be parsed before indexing.
- Increase memory and CPUs on the search head(s) and add additional indexers.
- If indexed realtime search is enabled, disable it for the notable index.
Correct answer: C
