What feature of Enterprise Security downloads threat intelligence data from a web server?
A. Threat Service Manager
B. Threat Download Manager
C. Threat Intelligence Parser
D. Threat Intelligence Enforcement
Answer: B
Which column in the Asset or Identity list is combined with event severity to make a notable event's urgency?
A. VIP
B. Priority
C. Importance
D. Criticality
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned
Which argument to the | tstats command restricts the search to summarized data only?
A. summaries=t
B. summaries=all
C. summariesonly=t
D. summariesonly=all
Answer: C
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Acceleratedatamodels
Which setting is used in indexes.conf to specify alternate locations for accelerated storage?
A. thawedPath
B. tstatsHomePath
C. summaryHomePath
D. warmToColdScript
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Acceleratedatamodels
Which of the following are examples of sources for events in the endpoint security domain dashboards?
A. REST API invocations.
B. Investigation final results status.
C. Workstations, notebooks, and point-of-sale systems.
D. Lifecycle auditing of incidents, from assignment to resolution.
Answer: D
Explanation: Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/EndpointProtectionDomaindashboards
Which of the following is a way to test for a properly normalized data model?
A. Use Audit -> Normalization Audit and check the Errors panel.
B. Run a | datamodel search, compare results to the CIM documentation for the data model.
C. Run a | loadjob search, look at tag values and...
In order to include an eventtype in a data model node, what is the next step after extracting the correct fields?
A. Save the settings.
B. Apply the correct tags.
C. Run the correct search.
D. Visit the CIM dashboard.
Answer: C
Explanation: Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonormalizeOSSECdata
What role should be assigned to a security team member who will be taking ownership of notable events in the incident review dashboard?
A. ess_user
B. ess_admin
C. ess_analyst
D. ess_reviewer
Answer: B
Explanation: Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Triagenotableevents
When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?
A. $fieldname$
B. "fieldname"
C. %fieldname%
D. _fieldname_
Answer: C
Explanation: Reference: https://docs.splunk.com/Documentation/ITSI/4.4.2/Configure/Createcorrelationsearch
What does the risk framework add to an object (user, server, or other type) to indicate increased risk?
A. An urgency.
B. A risk profile.
C. An aggregation.
D. A numeric score.
Answer: C
Explanation: Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/RiskScoring