Splunk SPLK-3001 Exam Questions Instant Access

Question 1

Which data model populated the panels on the Risk Analysis dashboard?

ARisk

BAudit

CDomain analysis

DThreat intelligence

Answer : A

Question 2

What does the risk framework add to an object (user, server or other type) to indicate increased risk?

AAn urgency.

BA risk profile.

CAn aggregation.

DA numeric score.

Answer : D

Question 3

What kind of value is in the red box in this picture?

AA risk score.

BA source ranking.

CAn event priority.

DAn IP address rating.

Answer : A

Question 4

Which two fields combine to create the Urgency of a notable event?

APriority and Severity.

BPriority and Criticality.

CCriticality and Severity.

DPrecedence and Time.

Answer : A

Question 5

If a username does not match the 'identity' column in the identities list, which column is checked next?

AEmail.

BNickname

CIP address.

DCombination of Last Name, First Name.

Answer : A

Question 6

Where should an ES search head be installed?

AOn a Splunk server with top level visibility.

BOn any Splunk server.

COn a server with a new install of Splunk.

DOn a Splunk server running Splunk DB Connect.

Answer : B

Question 7

How is it possible to navigate to the ES graphical Navigation Bar editor?

AConfigure -> Navigation Menu

BConfigure -> General -> Navigation

CSettings -> User Interface -> Navigation -> Click on ''Enterprise Security''

DSettings -> User Interface -> Navigation Menus -> Click on ''default'' next to SplunkEnterpriseSecuritySuite

Answer : B

Splunk Enterprise Security Certified Admin SPLK-3001 Exam Questions