Splunk SPLK-3001 Exam Practice Test Instant Access

Question 1

At what point in the ES installation process should Splunk_TA_ForIndexes.spl be deployed to the indexers?

AWhen adding apps to the deployment server.

BSplunk_TA_ForIndexers.spl is installed first.

CAfter installing ES on the search head(s) and running the distributed configuration management tool.

DSplunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the splunk apply cluster-bundle command.

Answer : C

Question 2

To which of the following should the ES application be uploaded?

AThe indexer.

BThe KV Store.

CThe search head.

DThe dedicated forwarder.

Answer : C

Question 3

Which data model populated the panels on the Risk Analysis dashboard?

ARisk

BAudit

CDomain analysis

DThreat intelligence

Answer : A

Question 4

ES apps and add-ons from $SPLUNK_HOME/etc/apps should be copied from the staging instance to what location on the cluster deployer instance?

A$SPLUNK_HOME/etc/master-apps/

B$SPLUNK_HOME/etc/system/local/

C$SPLUNK_HOME/etc/shcluster/apps

D$SPLUNK_HOME/var/run/searchpeers/

Answer : C

The upgraded contents of the staging instance will be migrated back to the deployer and deployed to the search head cluster members. On the staging instance, copy $SPLUNK_HOME/etc/apps to

$SPLUNK_HOME/etc/shcluster/apps on the deployer. 1. On the deployer, remove any deprecated apps or add-ons in $SPLUNK_HOME/etc/shcluster/apps that were removed during the upgrade on staging. Confirm by reviewing the ES upgrade report generated on staging, or by examining the apps moved into

$SPLUNK_HOME/etc/disabled-apps on staging

Question 5

A security manager has been working with the executive team en long-range security goals. A primary goal for the team Is to Improve managing user risk in the organization. Which of the following ES features can help identify users accessing inappropriate web sites?

AConfiguring the identities lookup with user details to enrich notable event Information for forensic analysis.

BMake sure the Authentication data model contains up-to-date events and is properly accelerated.

CConfiguring user and website watchlists so the User Activity dashboard will highlight unwanted user actions.

DUse the Access Anomalies dashboard to identify unusual protocols being used to access corporate sites.

Answer : C

Question 6

Which component normalizes events?

ASA-CIM.

BSA-Notable.

CES application.

DTechnology add-on.

Answer : A

Question 7

In order to include an eventtype in a data model node, what is the next step after extracting the correct fields?

ASave the settings.

BApply the correct tags.

CRun the correct search.

DVisit the CIM dashboard.

Answer : C

Splunk Enterprise Security Certified Admin SPLK-3001 Exam Practice Test