Splunk Enterprise Security Certified Admin v1.0

Page:    1 / 7   
Exam contains 100 questions

Where is the Add-On Builder available from?

  • A. GitHub
  • B. SplunkBase
  • C. www.splunk.com
  • D. The ES installation package


Answer : B

Reference:
https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Installation

Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?

  • A. A prefix of CIM_
  • B. A suffix of .spl
  • C. A prefix of TECH_
  • D. A prefix of Splunk_TA_


Answer : D

Reference:
https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/planintegrationes/

ES apps and add-ons from $SPLUNK_HOME/etc/apps should be copied from the staging instance to what location on the cluster deployer instance?

  • A. $SPLUNK_HOME/etc/master-apps/
  • B. $SPLUNK_HOME/etc/system/local/
  • C. $SPLUNK_HOME/etc/shcluster/apps
  • D. $SPLUNK_HOME/var/run/searchpeers/


Answer : C

The upgraded contents of the staging instance will be migrated back to the deployer and deployed to the search head cluster members. On the staging instance, copy $SPLUNK_HOME/etc/apps to $SPLUNK_HOME/etc/shcluster/apps on the deployer. On the deployer, remove any deprecated apps or add-ons in $SPLUNK_HOME/etc/shcluster/apps that were removed during the upgrade on staging. Confirm by reviewing the ES upgrade report generated on staging, or by examining the apps moved into $SPLUNK_HOME/etc/disabled-apps on staging.

How is notable event urgency calculated?

  • A. Asset priority and threat weight.
  • B. Alert severity found by the correlation search.
  • C. Asset or identity risk and severity found by the correlation search.
  • D. Severity set by the correlation search and priority assigned to the associated asset or identity.


Answer : D

Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned

What kind of value is in the red box in this picture?

  • A. A risk score.
  • B. A source ranking.
  • C. An event priority.
  • D. An IP address rating.


Answer : C

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/FormateventsforHTTPEventCollector

Where is it possible to export content, such as correlation searches, from ES?

  • A. Content exporter
  • B. Configure -> Content Management
  • C. Export content dashboard
  • D. Settings Menu -> ES -> Export


Answer : B

Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Export

Which of the following threat intelligence types can ES download? (Choose all that apply.)

  • A. Text
  • B. STIX/TAXII
  • C. VulnScanSPL
  • D. SplunkEnterpriseThreatGenerator


Answer : B

Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Downloadthreatfeed

A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance.
What is the best practice for installing ES?

  • A. Install ES on the existing search head.
  • B. Add a new search head and install ES on it.
  • C. Increase the number of CPUs and amount of memory on the search head, then install ES.
  • D. Delete the non-CIM-compliant apps from the search head, then install ES.


Answer : B

Reference:
https://www.splunk.com/pdfs/technical-briefs/splunk-validated-architectures.pdf

Enterprise Security's dashboards primarily pull data from what type of knowledge object?

  • A. Tstats
  • B. KV Store
  • C. Data models
  • D. Dynamic lookups


Answer : C

Reference:
https://docs.splunk.com/Splexicon:Knowledgeobject

To which of the following should the ES application be uploaded?

  • A. The indexer.
  • B. The KV Store.
  • C. The search head.
  • D. The dedicated forwarder.


Answer : C

Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallEnterpriseSecuritySHC

If a username does not match the 'identity' column in the identities list, which column is checked next?

  • A. Email.
  • B. Nickname
  • C. IP address.
  • D. Combination of Last Name, First Name.


Answer : C

Which of the following features can the Add-on Builder configure in a new add-on?

  • A. Expire data.
  • B. Normalize data.
  • C. Summarize data.
  • D. Translate data.


Answer : B

Reference:
https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Overview

What is the maximum recommended volume of indexing per day, per indexer, for a non-cloud (on-prem) ES deployment?

  • A. 50 GB
  • B. 100 GB
  • C. 300 GB
  • D. 500 MB


Answer : B

Reference:
https://docs.splunk.com/Documentation/ITSI/4.4.2/Install/Plan

ES needs to be installed on a search head with which of the following options?

  • A. No other apps.
  • B. Any other apps installed.
  • C. All apps removed except for TA-*.
  • D. Only default built-in and CIM-compliant apps.


Answer : A

Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallEnterpriseSecurity

Which setting indicates that the correlation search will be executed as new events are indexed?

  • A. Always-On
  • B. Real-Time
  • C. Scheduled
  • D. Continuous


Answer : C

Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches
