Create Next App

Exam contains 98 questions

Page 9 of 17

Question 49 🔥

An administrator is provisioning one search head prior to installing ES.What are the reference minimum requirements for OS, CPU, and RAM for that machine?

Which database solution meets these requirements?

A. OS: 32 bit, RAM: 16 MB, CPU: 12 cores

Highly voted

B. OS: 64 bit, RAM: 32 MB, CPU: 12 cores

Highly voted

C. OS: 64 bit, RAM: 12 MB, CPU: 16 cores

Highly voted

D. OS: 64 bit, RAM: 32 MB, CPU: 16 cores

Highly voted

Discussion of the question

Question 50 🔥

What tools does the Risk Analysis dashboard provide?

Which database solution meets these requirements?

A. High risk threats.

Highly voted

B. Notable event domains displayed by risk score.

Highly voted

C. A display of the highest risk assets and identities.

Highly voted

D. Key indicators showing the highest probability correlation searches in the environment.

Highly voted

Discussion of the question

Question 51 🔥

When ES content is exported, an app with a .spl extension is automatically created.What is the best practice when exporting and importing updates to ES content?

Which database solution meets these requirements?

A. Use new app names each time content is exported.

Highly voted

B. Do not use the .spl extension when naming an export.

Highly voted

C. Always include existing and new content for each export.

Highly voted

D. Either use new app names or always include both existing and new content.

Highly voted

Discussion of the question

Question 52 🔥

Who can delete an investigation?

Which database solution meets these requirements?

A. ess_admin users only.

Highly voted

B. The investigation owner only.

Highly voted

C. The investigation owner and ess-admin.

Highly voted

D. The investigation owner and collaborators.

Highly voted

Discussion of the question

Question 53 🔥

After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?

Which database solution meets these requirements?

A. Splunk_DS_ForIndexers.spl

Highly voted

B. Splunk_ES_ForIndexers.spl

Highly voted

C. Splunk_SA_ForIndexers.spl

Highly voted

D. Splunk_TA_ForIndexers.spl

Highly voted

Discussion of the question

Question 54 🔥

The Brute Force Access Behavior Detected correlation search is enabled, and is generating many false positives. Assuming the input data has already been validated.How can the correlation search be made less sensitive?

Which database solution meets these requirements?

A. Edit the search and modify the notable event status field to make the notable events less urgent.

Highly voted

B. Edit the search, look for where or xswhere statements, and after the threshold value being compared to make it less common match.

Highly voted

C. Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a more common match.

Highly voted

D. Modify the urgency table for this correlation search and add a new severity level to make notable events from this search less urgent.

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

splunk SPLK_3001

Exam contains 98 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us