Splunk SPLK-3001 Exam Practice Test Instant Access

Question 1

A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance. What is the best practice for installing ES?

AInstall ES on the existing search head.

BAdd a new search head and install ES on it.

CIncrease the number of CPUs and amount of memory on the search head, then install ES.

DDelete the non-CIM-compliant apps from the search head, then install ES.

Answer : B

Question 2

The Remote Access panel within the User Activity dashboard is not populating with the most recent hour of dat

a. What data model should be checked for potential errors such as skipped searches?

AWeb

BRisk

CPerformance

DAuthentication

Answer : D

Question 3

At what point in the ES installation process should Splunk_TA_ForIndexes.spl be deployed to the indexers?

AWhen adding apps to the deployment server.

BSplunk_TA_ForIndexers.spl is installed first.

CAfter installing ES on the search head(s) and running the distributed configuration management tool.

DSplunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the splunk apply cluster-bundle command.

Answer : C

Question 4

Which of the following are examples of sources for events in the endpoint security domain dashboards?

AREST API invocations.

BInvestigation final results status.

CWorkstations, notebooks, and point-of-sale systems.

DLifecycle auditing of incidents, from assignment to resolution.

Answer : C

Question 5

Which indexes are searched by default for CIM data models?

Anotable and default

Bsummary and notable

C_internal and summary

DAll indexes

Answer : D

Question 6

When investigating, what is the best way to store a newly-found IOC?

APaste it into Notepad.

BClick the ''Add IOC'' button.

CClick the ''Add Artifact'' button.

DAdd it in a text note to the investigation.

Answer : C

Question 7

How is notable event urgency calculated?

AAsset priority and threat weight.

BAlert severity found by the correlation search.

CAsset or identity risk and severity found by the correlation search.

DSeverity set by the correlation search and priority assigned to the associated asset or identity.

Answer : D

Splunk SPLK-3001 Splunk Enterprise Security Certified Admin Exam Practice Test