Splunk SPLK-3001 Exam Practice Test Instant Access

Question 1

Which of the following features can the Add-on Builder configure in a new add-on?

AExpire data.

BNormalize data.

CSummarize data.

DTranslate data.

Answer : B

Question 2

The Brute Force Access Behavior Detected correlation search is enabled, and is generating many false positives. Assuming the input data has already been validated. How can the correlation search be made less sensitive?

AEdit the search and modify the notable event status field to make the notable events less urgent.

BEdit the search, look for where or xswhere statements, and after the threshold value being compared to make it less common match.

CEdit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a more common match.

DModify the urgency table for this correlation search and add a new severity level to make notable events from this search less urgent.

Answer : B

Question 3

Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?

AA prefix of CIM_

BA suffix of .spl

CA prefix of TECH_

DA prefix of Splunk_TA_

Answer : D

Question 4

Where are attachments to investigations stored?

AKV Store

Bnotable index

Cattachments.csv lookup

D<splunk_home>/etc/apps/SA-Investigations/default/ui/views/attachments

Answer : A

Question 5

Which of these Is a benefit of data normalization?

AReports run faster because normalized data models can be optimized for better performance.

BDashboards take longer to build.

CSearches can be built no matter the specific source technology for a normalized data type.

DForwarder-based inputs are more efficient.

Answer : A

Question 6

Which of the following is a key feature of a glass table?

ARigidity.

BCustomization.

CInteractive investigations.

DStrong data for later retrieval.

Answer : B

Question 7

When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?

A$fieldname$

B''fieldname''

C%fieldname%

D_fieldname_

Answer : A

Splunk Enterprise Security Certified Admin SPLK-3001 Exam Practice Test