
Splunk Certification Exam Dumps

1. How is notable event urgency calculated?

A. Alert severity found by the correlation search
B. Asset priority and threat weight
C. Severity set by the correlation search and priority assigned to the associated asset or identity
D. Asset or identity risk and severity found by the correlation search

2. What is the default schedule for accelerating ES data models?

A. 1 Minute
B. 15 Minutes
C. 1 Hour
D. 5 Minutes

3. What tools does the Risk Analysis dashboard provide?

A. Notable event domains displayed by risk score
B. A display of the highest risk assets and identities
C. Key Indicators showing the highest probability correlation searches in the environment
D. High Risk Threats

4. To which of the following should the ES application be uploaded?

A. The search head
B. The KV Store
C. The indexer
D. The dedicated forwarder

5. Who can delete an investigation?

A. The investigation owner and ess_admin
B. ess_admin users only
C. The investigation owner and collaborators
D. The investigation owner only

6. When ES content is exported, an app with a .spl extension is automatically created. What is the best practice when exporting and importing updates to ES content?

A. Either use new app names or always include both existing and new content
B. Use new app names each time content is exported
C. Do not use the .spl extension when naming an export
D. Always include existing and new content for each export

7. Which of the following threat intelligence types can ES download? (Choose all that apply)

A. SplunkEnterpriseThreatGenerator
B. Text
C. STIX/TAXII
D. VulnScanSPL

8. If a username does not match the "identity" column in the identities list, which column is checked next?

A. Combination of Last Name, First Name
B. Email
C. Nickname
D. IP address

9. Which component normalizes events?

A. SA-CIM
B. ES Application
C. Technology add-on
D. SA-Notable

10. What is the maximum recommended volume of indexing per day, per indexer, for a non-cloud (on-prem) ES deployment?

A. 50 GB
B. 500 MB
C. 300 GB
D. 100 GB

11. Which setting indicates that the correlation search will be executed as new events are indexed?

A. Continuous
B. Real-Time
C. Scheduled
D. Always-On

12. Adaptive response action history is stored in which index?

A. modular_history
B. modular_action_history
C. cim_adaptiveactions
D. cim_modactions

13. Glass tables can display static images and text, the result of ad-hoc searches, and which of the following objects?

A. Metric Store Searches
B. Summarized Data
C. Lookup searches
D. Security Metrics

14. Which of the following actions would not reduce the number of false positives from a correlation search?

A. Removing throttling fields
B. Reducing the severity
C. Increasing the throttling window
D. Increasing threshold sensitivity

15. Which data model populates the panels on the Risk Analysis dashboard?

A. Threat Intelligence
B. Domain Analysis
C. Risk
D. Audit

16. Where is the Add-On Builder available from?

A. splunk[dot]com
B. SplunkBase
C. The ES installation package
D. GitHub

17. Where are the attachments to investigations stored?

A. attachments.csv lookup
B. <splunk_home>/etc/apps/SA-Investigations/default/ui/views/attachments
C. KV Store
D. Notable index

18. To observe what network services are in use in a network's activity overall, which of the following dashboards in Enterprise Security will contain the most relevant data?

A. User Intelligence
B. Protocol Analysis
C. Threat Intelligence
D. Intrusion Center

19. How is it possible to navigate to the ES graphical Navigation Bar editor?

A. Settings -> User Interface -> Navigation -> Click on "Enterprise Security"
B. Configure -> Navigation Menu
C. Configure -> General -> Navigation
D. Settings -> User Interface -> Navigation Menus -> Click on "default" next to SplunkEnterpriseSecuritySuite

20. Where is it possible to export content, such as correlation searches, from ES?

A. Content Exporter
B. Settings Menu -> ES -> Export
C. Configure -> Content Management
D. Export Content Dashboard

21. ES needs to be installed on a search head with which of the following options?

A. Any other apps installed
B. No other apps
C. Only default built-in and CIM-compliant apps
D. All apps removed except for TA-*

22. Which of the following actions can improve overall search performance?

A. Increase priority of all correlation searches
B. Reduce the frequency (schedule) of lower-priority correlation searches
C. Add notable event suppressions for correlation searches with a high number of false positives
D. Disable indexed real-time search

23. Enterprise Security's dashboards primarily pull data from what type of knowledge object?

A. Dynamic Lookups
B. Data Models
C. Tstats
D. KV Store

24. ES apps and add-ons from $SPLUNK_HOME/etc/apps should be copied from the staging instance to what location on the cluster deployer instance?

A. $SPLUNK_HOME/etc/system/local/
B. $SPLUNK_HOME/var/run/searchpeers/
C. $SPLUNK_HOME/etc/master-apps/
D. $SPLUNK_HOME/etc/shcluster/apps

25. A site has a single existing search head which hosts a mix of both CIM-compliant and non-CIM-compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance. What is the best practice for installing ES?

A. Add a new search head and install ES on it
B. Increase the number of CPUs and amount of memory on the search head, then install ES
C. Delete the non-CIM-compliant apps from the search head, then install ES
D. Install ES on the existing search head

26. An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?

A. Data Integrity Control
B. Indexer acknowledgement
C. Index Access Permissions
D. Index Consistency

27. An administrator is asked to configure an "Nslookup" adaptive response action, so that it appears as a selectable option in the notable event's action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?

A. Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Step -> Nslookup
B. Configure -> Type: Correlation Search -> Notable -> Recommended Action -> Nslookup
C. Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup
D. Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup

28. What is the first step when preparing to install ES?

A. Determine the size and scope of installation
B. Determine the hardware required
C. Determine the data sources used
D. Install ES

29. Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?

A. A prefix of TECH_
B. A prefix of Splunk_TA_
C. A suffix of .spl
D. A prefix of CIM_

30. Which of the following ES features would a security analyst use while investigating a network anomaly notable?

A. Threat download dashboard
B. Protocol Intelligence dashboard
C. Key Indicator search
D. Correlation editor
