Splunk SPLK-3001 시험

Question No : 1

How is notable event urgency calculated?

• A.Asset priority and threat weight.
• B.Alert severity found by the correlation search.
• C.Asset or identity risk and severity found by the correlation search.
• D.Severity set by the correlation search and priority assigned to the associated asset or identity.

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned

Question No : 2

If a username does not match the ‘identity’ column in the identities list, which column is checked next?

• A.Email.
• B.Nickname
• C.IP address.
• D.Combination of Last Name, First Name.

답을 확인하기

정답:

Question No : 3

Which of these Is a benefit of data normalization?

• A.Reports run faster because normalized data models can be optimized for better performance.
• B.Dashboards take longer to build.
• C.Searches can be built no matter the specific source technology for a normalized data type.
• D.Forwarder-based inputs are more efficient.

답을 확인하기

정답:

Question No : 4

To which of the following should the ES application be uploaded?

• A.The indexer.
• B.The KV Store.
• C.The search head.
• D.The dedicated forwarder.

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallEnterpriseSecuritySHC

Question No : 5

A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and they have already been tuned to weed out false positives.
Which of the following options is most likely to help performance?

• A.Change the search heads to do local indexing of summary searches.
• B.Add heavy forwarders between the universal forwarders and indexers so inputs can be parsed before indexing.
• C.Increase memory and CPUs on the search head(s) and add additional indexers.
• D.If indexed realtime search is enabled, disable it for the notable index.

답을 확인하기

정답:

Question No : 6

Which setting is used in indexes.conf to specify alternate locations for accelerated storage?

• A.thawedPath
• B.tstatsHomePath
• C.summaryHomePath
• D.warmToColdScript

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Acceleratedatamodels

Question No : 7

How is it possible to navigate to the ES graphical Navigation Bar editor?

• A.Configure -> Navigation Menu
• B.Configure -> General -> Navigation
• C.Settings -> User Interface -> Navigation -> Click on “Enterprise Security”
• D.Settings -> User Interface -> Navigation Menus -> Click on “default” next to SplunkEnterpriseSecuritySuite

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Customizemenubar#Restore_the_default_navigation

Question No : 8

Which of the following is an adaptive action that is configured by default for ES?

• A.Create notable event
• B.Create new correlation search
• C.Create investigation
• D.Create new asset

답을 확인하기

정답:

Question No : 9

Where should an ES search head be installed?

• A.On a Splunk server with top level visibility.
• B.On any Splunk server.
• C.On a server with a new install of Splunk.
• D.On a Splunk server running Splunk DB Connect.

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Export

Question No : 10

Which of the following steps will make the Threat Activity dashboard the default landing page in ES?

• A.From the Edit Navigation page, drag and drop the Threat Activity view to the top of the page.
• B.From the Preferences menu for the user, select Enterprise Security as the default application.
• C.From the Edit Navigation page, click the 'Set this as the default view" checkmark for Threat Activity.
• D.Edit the Threat Activity view settings and checkmark the Default View option.

답을 확인하기

정답:

Question No : 11

Which argument to the | tstats command restricts the search to summarized data only?

• A.summaries=t
• B.summaries=all
• C.summariesonly=t
• D.summariesonly=all

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Acceleratedatamodels

Question No : 12

The option to create a Short ID for a notable event is located where?

• A.The Additional Fields.
• B.The Event Details.
• C.The Contributing Events.
• D.The Description.

답을 확인하기

정답:
Explanation:
https://docs.splunk.com/Documentation/ES/6.4.1/User/Takeactiononanotableevent

Question No : 13

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

• A.Lookup searches.
• B.Summarized data.
• C.Security metrics.
• D.Metrics store searches.

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/CreateGlassTable

Question No : 14

What is the bar across the bottom of any ES window?

• A.The Investigator Workbench.
• B.The Investigation Bar.
• C.The Analyst Bar.
• D.The Compliance Bar.

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.4.1/User/Startaninvestigation

Question No : 15

The Add-On Builder creates Splunk Apps that start with what?

• A.DA-
• B.SA-
• C.TA-
• D.App-

답을 확인하기

정답:
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/abouttheessolution/