Splunk SPLK-3001 Splunk Enterprise Security Certified Admin Exam Practice Test

Page: 1 / 14
Total 99 questions
Question 1

Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?



Answer : B


Question 2

What should be used to map a non-standard field name to a CIM field name?



Answer : A


Question 3

A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and they have already been tuned to weed out false positives.

Which of the following options is most likely to help performance?



Answer : C


Question 4

Following the installation of ES, an admin gave users with the ess_user role the ability to close notable events.

How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?



Answer : C


Question 5

What can be exported from ES using the Content Management page?



Answer : C



Question 6

Which of the following actions may be necessary before installing ES?



Answer : C


Question 7

Which tool is used to update indexers in ES?



Answer : B

