Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
MuleSoft
All Vendors
  2. Home
  3. Exams
  4. Splunk®
  5. SPLK-3001

Free SPLK-3001 Exam Braindumps (page: 2)

Page 2 of 14
PDF with 100 Questions

The Add-On Builder creates Splunk Apps that start with what?

  1. DA-
  2. SA-
  3. TA-
  4. App-

Answer(s): C


Reference:

https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/abouttheessolution/



Which of the following are examples of sources for events in the endpoint security domain dashboards?

  1. REST API invocations.
  2. Investigation final results status.
  3. Workstations, notebooks, and point-of-sale systems.
  4. Lifecycle auditing of incidents, from assignment to resolution.

Answer(s): C


Reference:

https://docs.splunk.com/Documentation/ES/6.1.0/User/EndpointProtectionDomaindashboards



When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?

  1. $fieldname$
  2. "fieldname"
  3. %fieldname%
  4. _fieldname_

Answer(s): A


Reference:

https://docs.splunk.com/Documentation/ITSI/4.4.2/Configure/Createcorrelationsearch



What feature of Enterprise Security downloads threat intelligence data from a web server?

  1. Threat Service Manager
  2. Threat Download Manager
  3. Threat Intelligence Parser
  4. Therat Intelligence Enforcement

Answer(s): B

Explanation:

"The Threat Intelligence Framework provides a modular input (Threat Intelligence Downloads) that handles the majority of configurations typically needed for downloading intelligence files & data. To access this modular input, you simply need to create a stanza in your Inputs.conf file called "threatlist"."



The Remote Access panel within the User Activity dashboard is not populating with the most recent hour of dat

  1. What data model should be checked for potential errors such as skipped searches?
  2. Web
  3. Risk
  4. Performance
  5. Authentication

Answer(s): D


Reference:

https://answers.splunk.com/answers/565482/how-to-resolve-skipped-scheduled- searches.html



In order to include an eventtype in a data model node, what is the next step after extracting the correct fields?

  1. Save the settings.
  2. Apply the correct tags.
  3. Run the correct search.
  4. Visit the CIM dashboard.

Answer(s): C


Reference:

https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonormalizeOSSECdata



What role should be assigned to a security team member who will be taking ownership of notable events in the incident review dashboard?

  1. ess_user
  2. ess_admin
  3. ess_analyst
  4. ess_reviewer

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/ES/6.1.0/User/Triagenotableevents



Which column in the Asset or Identity list is combined with event security to make a notable event's urgency?

  1. VIP
  2. Priority
  3. Importance
  4. Criticality

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned






Post your Comments and Discuss Splunk® SPLK-3001 exam prep with other Community members:

SPLK-3001 Exam Discussions & Posts