File Info
| Exam | Splunk Enterprise Security Certified Admin |
| Number | SPLK-3001 |
| File Name | Splunk.SPLK-3001.SelfTestEngine.2020-04-07.25q.vcex |
| Size | 16 KB |
| Posted | Apr 07, 2020 |
| Download | Splunk.SPLK-3001.SelfTestEngine.2020-04-07.25q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
The Add-On Builder creates Splunk Apps that start with what?
- DA-
- SA-
- TA-
- App-
Correct answer: C
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/abouttheessolution/ Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/abouttheessolution/
Question 2
What feature of Enterprise Security downloads threat intelligence data from a web server?
- Threat Service Manager
- Threat Download Manager
- Threat Intelligence Parser
- Therat Intelligence Enforcement
Correct answer: B
Question 3
Which column in the Asset or Identity list is combined with event security to make a notable event’s urgency?
- VIP
- Priority
- Importance
- Criticality
Correct answer: B
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned
Question 4
What does the risk framework add to an object (user, server or other type) to indicate increased risk?
- An urgency.
- A risk profile.
- An aggregation.
- A numeric score.
Correct answer: C
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/RiskScoring Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/RiskScoring
Question 5
Which indexes are searched by default for CIM data models?
- notable and default
- summary and notable
- _internal and summary
- All indexes
Correct answer: D
Explanation:
Reference: https://answers.splunk.com/answers/600354/indexes-searched-by-cim-data-models.html Reference: https://answers.splunk.com/answers/600354/indexes-searched-by-cim-data-models.html
Question 6
When investigating, what is the best way to store a newly-found IOC?
- Paste it into Notepad.
- Click the “Add IOC” button.
- Click the “Add Artifact” button.
- Add it in a text note to the investigation.
Correct answer: B
Question 7
Which of the following are data models used by ES? (Choose all that apply)
- Web
- Anomalies
- Authentication
- Network Traffic
Correct answer: B
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/datamodelsusedbyes/ Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/datamodelsusedbyes/
Question 8
Which correlation search feature is used to throttle the creation of notable events?
- Schedule priority.
- Window interval.
- Window duration.
- Schedule windows.
Correct answer: C
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches
Question 9
How should an administrator add a new lookup through the ES app?
- Upload the lookup file in Settings -> Lookups -> Lookup Definitions
- Upload the lookup file in Settings -> Lookups -> Lookup table files
- Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups
- Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup
Correct answer: D
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Createlookups Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Createlookups
Question 10
Which of the following is a key feature of a glass table?
- Rigidity.
- Customization.
- Interactive investigations.
- Strong data for later retrieval.
Correct answer: B
