SPLK-3001 Practice Test

What role should be assigned to a security team member who will be taking ownership of notable events in the incident review dashboard?

A.

ess_user

B.

ess_admin

C.

ess_analyst

D.

ess_reviewer

Adaptive response action history is stored in which index?

A.

cim_modactions

B.

modular_history

C.

cim_adaptiveactions

D.

modular_action_history

Which of the following are examples of sources for events in the endpoint security domain dashboards?

A.

REST API invocations.

B.

Investigation final results status.

C.

Workstations, notebooks, and point-of-sale systems.

D.

Lifecycle auditing of incidents, from assignment to resolution.

After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?

A.

Splunk_DS_ForIndexers.spl

B.

Splunk_ES_ForIndexers.spl

C.

Splunk_SA_ForIndexers.spl

D.

Splunk_TA_ForIndexers.spl

What is the bar across the bottom of any ES window?

A.

The Investigator Workbench.

B.

The Investigation Bar.

C.

The Analyst Bar.

D.

The Compliance Bar.