Splunk SPLK-3001 - Splunk Enterprise Security Certified Admin Exam
Total 100 questions
Question #1 (Topic: Single Topic)
The Add-On Builder creates Splunk Apps that start with what?
A. DA-
B. SA-
C. TA-
D. App-
Answer: C
Question #2 (Topic: Single Topic)
Which of the following are examples of sources for events in the endpoint security domain dashboards?
A. REST API invocations.
B. Investigation final results status.
C. Workstations, notebooks, and point-of-sale systems.
D. Lifecycle auditing of incidents, from assignment to resolution.
Answer: D
Question #3 (Topic: Single Topic)
When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?
A. $fieldname$
B. “fieldname”
C. %fieldname%
D. _fieldname_
Answer: C
Question #4 (Topic: Single Topic)
What feature of Enterprise Security downloads threat intelligence data from a web server?
A. Threat Service Manager
B. Threat Download Manager
C. Threat Intelligence Parser
D. Threat Intelligence Enforcement
Answer: B
Question #5 (Topic: Single Topic)
The Remote Access panel within the User Activity dashboard is not populating with the most recent hour of data.
What data model should be checked for potential errors such as skipped searches?
A. Web
B. Risk
C. Performance
D. Authentication
Answer: A