SPLK-3001 Exam Dumps - Splunk Enterprise Security Certified Admin Exam

Question # 17

Which data model populates the panels on the Risk Analysis dashboard?

A.

Risk

B.

Audit

C.

Domain analysis

D.

Threat intelligence

Question # 18

To which of the following should the ES application be uploaded?

A.

The indexer.

B.

The KV Store.

C.

The search head.

D.

The dedicated forwarder.

Question # 19

Where should an ES search head be installed?

A.

On a Splunk server with top level visibility.

B.

On any Splunk server.

C.

On a server with a new install of Splunk.

D.

On a Splunk server running Splunk DB Connect.

Question # 20

Who can delete an investigation?

A.

ess_admin users only.

B.

The investigation owner only.

C.

The investigation owner and ess_admin users.

D.

The investigation owner and collaborators.

Question # 21

An administrator is provisioning one search head prior to installing ES. What are the reference minimum requirements for OS, CPU, and RAM for that machine?

A.

OS: 32 bit, RAM: 16 GB, CPU: 12 cores

B.

OS: 64 bit, RAM: 32 GB, CPU: 12 cores

C.

OS: 64 bit, RAM: 12 GB, CPU: 16 cores

D.

OS: 64 bit, RAM: 32 GB, CPU: 16 cores

Question # 22

What is the default schedule for accelerating ES Datamodels?

A.

1 minute

B.

5 minutes

C.

15 minutes

D.

1 hour

Question # 23

What should be used to map a non-standard field name to a CIM field name?

A.

Field alias.

B.

Search time extraction.

C.

Tag.

D.

Eventtype.
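
Worked example for the CIM-mapping question above. This is an added illustration, not part of the exam page or Splunk's documentation. It assumes a hypothetical sourcetype `acme:fw` whose raw events carry the non-standard field names `source_address` and `dest_address`; the stanza below lives in `props.conf` on the ES search head (or in a CIM add-on) and uses `FIELDALIAS` to expose the CIM `Network_Traffic` names `src` and `dest` at search time without renaming the original fields.

```ini
# Added example, not from the original page.
# props.conf on the ES search head for the hypothetical sourcetype "acme:fw".
# FIELDALIAS adds the CIM field name as an alias; the original field is kept.
[acme:fw]
FIELDALIAS-cim_src  = source_address AS src
FIELDALIAS-cim_dest = dest_address AS dest

# Aliases only fix the field names. To land the events in the Network_Traffic
# data model they must also carry the model's tags, which is done with an
# eventtype plus tags (still assumed names for this example).
# eventtypes.conf:
[acme_fw_traffic]
search = sourcetype=acme:fw

# tags.conf:
[eventtype=acme_fw_traffic]
network = enabled
communicate = enabled
```

To check the mapping after restarting the search head, run `sourcetype=acme:fw | fields src dest | head 5` and confirm both aliased fields are populated; then `| tstats count from datamodel=Network_Traffic where sourcetype=acme:fw` should return a non-zero count once the data model has re-accelerated. A field alias that points at a field which does not exist in the raw event silently produces nothing, so verify against real events rather than trusting the stanza.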

Question # 24

Which of the following is a risk of using the Auto Deployment feature of Distributed Configuration Management to distribute indexes.conf?

A.

Indexes might crash.

B.

Indexes might be processing.

C.

Indexes might not be reachable.

D.

Indexes have different settings.
