Free SPLK-3001 Exam Braindumps

Pass your Splunk Enterprise Security Certified Admin exam with these free questions and answers

Page 3 of 20
QUESTION 6

Who can delete an investigation?

  1. A. ess_admin users only.
  2. B. The investigation owner only.
  3. C. The investigation owner and ess_admin.
  4. D. The investigation owner and collaborators.

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Manageinvestigations

QUESTION 7

Which of the following is a key feature of a glass table?

  1. A. Rigidity.
  2. B. Customization.
  3. C. Interactive investigations.
  4. D. Strong data for later retrieval.

Correct Answer: B

QUESTION 8

Enterprise Security’s dashboards primarily pull data from what type of knowledge object?

  1. A. Tstats
  2. B. KV Store
  3. C. Data models
  4. D. Dynamic lookups

Correct Answer: C
Reference: https://docs.splunk.com/Splexicon:Knowledgeobject

QUESTION 9

At what point in the ES installation process should Splunk_TA_ForIndexers.spl be deployed to the indexers?

  1. A. When adding apps to the deployment server.
  2. B. Splunk_TA_ForIndexers.spl is installed first.
  3. C. After installing ES on the search head(s) and running the distributed configuration management tool.
  4. D. Splunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the splunk apply cluster-bundle command.

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallTechnologyAdd-ons

QUESTION 10

Which data model populates the panels on the Risk Analysis dashboard?

  1. A. Risk
  2. B. Audit
  3. C. Domain analysis
  4. D. Threat intelligence

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/RiskAnalysis#Dashboard_panels
