SPLK-3001 Practice Test

Which of the following is an adaptive action that is configured by default for ES?

A.

Create notable event

B.

Create new correlation search

C.

Create investigation

D.

Create new asset

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

A.

Lookup searches.

B.

Summarized data.

C.

Security metrics.

D.

Metrics store searches.

What are the steps to add a new column to the Notable Event table in the Incident Review dashboard?

A.

Configure -> Incident Management -> Notable Event Statuses

B.

Configure -> Content Management -> Type: Correlation Search

C.

Configure -> Incident Management -> Incident Review Settings -> Event Management

D.

Configure -> Incident Management -> Incident Review Settings -> Table Attributes

Where is it possible to export content, such as correlation searches, from ES?

A.

Content exporter

B.

Configure -> Content Management

C.

Export content dashboard

D.

Settings Menu -> ES -> Export

An administrator is asked to configure an “Nslookup” adaptive response action, so that it
appears as a selectable option in the notable event’s action menu when an analyst is
working in the Incident Review dashboard. What steps would the administrator take to
configure this option?

A.

Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup

B.

Configure -> Type: Correlation Search -> Notable -> Recommended Actions ->
Nslookup

C.

Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup

D.

Configure -> Content Management -> Type: Correlation Search -> Notable ->
Recommended Actions -> Nslookup