SPLUNK SPLK 3001
Q: 1
Which of the following steps will make the Threat Activity dashboard the default landing page in ES?
Q: 2
Which lookup table does the Default Account Activity Detected correlation search use to flag known default accounts?
Q: 3
Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events.
How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?
Q: 4
What is the main purpose of the Dashboard Requirements Matrix document?
Q: 5
Who can delete an investigation?
Q: 6
Which component normalizes events?
Q: 7
After data is ingested, which data management step is essential to ensure raw data can be accelerated by a Data Model and used by ES?
Q: 8
Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events. How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?
Q: 9
Which tool is used to update indexers in ES?
Q: 10
When investigating, what is the best way to store a newly-found IOC?