Which of the following threat intelligence types can ES download? (Choose all that apply)
Correct Answer:
B
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Downloadthreatfeed
An administrator is asked to configure an “Nslookup” adaptive response action, so that it appears as a selectable option in the notable event’s action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?
Correct Answer:
D
To observe what network services are in use in a network’s activity overall, which of the following dashboards in Enterprise Security will contain the most relevant data?
Correct Answer:
A
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/NetworkProtectionDomaindashboards
What does the risk framework add to an object (user, server or other type) to indicate increased risk?
Correct Answer:
C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/RiskScoring
What is the first step when preparing to install ES?
Correct Answer:
D