“10.22.63.159”, “websvr4”, and “00:26:08:18:CF:1D” would be matched against what in ES?
A. A user.
B. A device.
C. An asset.
D. An identity.
Answer: B
The Remote Access panel within the User Activity dashboard is not populating with the most recent hour of data. What data model should be checked for potential errors such as skipped searches?
A. Web
B. Risk
C. Performance
D. Authentication
Answer: A
Explanation: Reference: https://answers.splunk.com/answers/565482/how-to-resolve-skipped-scheduled-searches.html
Where is the Add-On Builder available from?
A. GitHub
B. SplunkBase
C. www.splunk.com
D. The ES installation package
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Installation
Which of the following threat intelligence types can ES download? (Choose all that apply)
A. Text
B. STIX/TAXII
C. VulnScanSPL
D. SplunkEnterpriseThreatGenerator
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Downloadthreatfeed
Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?
A. A prefix of CIM_
B. A suffix of .spl
C. A prefix of TECH_
D. A prefix of Splunk_TA_
Answer: D
Explanation: Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/planintegrationes/
At what point in the ES installation process should Splunk_TA_ForIndexers.spl be deployed to the indexers?
A. When adding apps to the deployment server.
B. Splunk_TA_ForIndexers.spl is installed first.
C. After installing ES on the search head(s) and running the distributed configuration management tool.
D. Splunk_TA_ForIndexers.spl is only installed on indexer...
Which feature contains scenarios that are useful during ES Implementation?
A. Use Case Library
B. Correlation Searches
C. Predictive Analytics
D. Adaptive Responses
Answer: A
When investigating, what is the best way to store a newly-found IOC?
A. Paste it into Notepad.
B. Click the “Add IOC” button.
C. Click the “Add Artifact” button.
D. Add it in a text note to the investigation.
Answer: B
A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance. What is the best practice for installing ES?
A. Install ES on the...
Which of the following features can the Add-on Builder configure in a new add-on?
A. Expire data.
B. Normalize data.
C. Summarize data.
D. Translate data.
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Overview