Splunk SPLK-3001 Exam Practice Test Instant Access

Question 1

Where are attachments to investigations stored?

AKV Store

Bnotable index

Cattachments.csv lookup

D<splunk_home>/etc/apps/SA-Investigations/default/ui/views/attachments

Answer : A

Question 2

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

ALookup searches.

BSummarized data.

CSecurity metrics.

DMetrics store searches.

Answer : C

Question 3

After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?

ASplunk_DS_ForIndexers.spl

BSplunk_ES_ForIndexers.spl

CSplunk_SA_ForIndexers.spl

DSplunk_TA_ForIndexers.spl

Answer : D

Question 4

An administrator is asked to configure an ''Nslookup'' adaptive response action, so that it appears as a selectable option in the notable event's action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?

AConfigure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup

BConfigure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup

CConfigure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup

DConfigure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup

Answer : D

Question 5

An administrator is provisioning one search head prior to installing ES. What are the reference minimum requirements for OS, CPU, and RAM for that machine?

AOS: 32 bit, RAM: 16 MB, CPU: 12 cores

BOS: 64 bit, RAM: 32 MB, CPU: 12 cores

COS: 64 bit, RAM: 12 MB, CPU: 16 cores

DOS: 64 bit, RAM: 32 MB, CPU: 16 cores

Answer : C

Question 6

Which of the following is a risk of using the Auto Deployment feature of Distributed Configuration Management to distribute indexes.conf?

AIndexes might crash.

BIndexes might be processing.

CIndexes might not be reachable.

DIndexes have different settings.

Answer : A

Question 7

How is it possible to navigate to the list of currently-enabled ES correlation searches?

AConfigure -> Correlation Searches -> Select Status ''Enabled''

BSettings -> Searches, Reports, and Alerts -> Filter by Name of ''Correlation''

CConfigure -> Content Management -> Select Type ''Correlation'' and Status ''Enabled''

DSettings -> Searches, Reports, and Alerts -> Select App of ''SplunkEnterpriseSecuritySuite'' and filter by ''- Rule''

Answer : C

Splunk Enterprise Security Certified Admin SPLK-3001 Exam Practice Test