Splunk SPLK-3001 Exam Practice Test Instant Access

Question 1

What is the main purpose of the Dashboard Requirements Matrix document?

AIdentifies on which data model(s) each dashboard depends.

BProvides instructions for customizing each dashboard for local data models.

CIdentifies the searches used by the dashboards.

DIdentifies which data model(s) depend on each dashboard.

Answer : D

Question 2

What does the summariesonly=true option do for a correlation search?

ASearches only accelerated data.

BForwards summary indexes to the indexing tier.

CUses a default summary time range.

DSearches summary indexes only.

Answer : A

Question 3

Which columns in the Assets lookup are used to identify an asset in an event?

Asrc, dvc, dest

Bcidr, port, netbios, saml

Cip, mac, dns, nt_host

Dhost, hostname, url, address

Answer : C

Question 4

Which two fields combine to create the Urgency of a notable event?

APriority and Severity.

BPriority and Criticality.

CCriticality and Severity.

DPrecedence and Time.

Answer : A

Question 5

Which of the following actions would not reduce the number of false positives from a correlation search?

AReducing the severity.

BRemoving throttling fields.

CIncreasing the throttling window.

DIncreasing threshold sensitivity.

Answer : A

Question 6

Adaptive response action history is stored in which index?

Acim_modactions

Bmodular_history

Ccim_adaptiveactions

Dmodular_action_history

Answer : A

Question 7

To observe what network services are in use in a network's activity overall, which of the following dashboards in Enterprise Security will contain the most relevant data?

AIntrusion Center

BProtocol Analysis

CUser Intelligence

DThreat Intelligence

Answer : B

Splunk SPLK-3001 Splunk Enterprise Security Certified Admin Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7