- Email support@dumps4free.com
How is it possible to specify an alternate location for accelerated storage?
A.
Configure storage optimization settings for the index.
B.
Update the Home Path setting in indexes, conf
C.
Use the tstatsHomePath setting in props, conf
D.
Use the tstatsHomePath Setting in indexes, conf
Use the tstatsHomePath setting in props, conf
Which settings indicated that the correlation search will be executed as new events are indexed?
A.
Always-On
B.
Real-Time
C.
Scheduled
D.
Continuous
Scheduled
Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches
When investigating, what is the best way to store a newly-found IOC?
A.
Paste it into Notepad.
B.
Click the “Add IOC” button.
C.
Click the “Add Artifact” button.
D.
Add it in a text note to the investigation.
Click the “Add Artifact” button.
Which of the following lookup types in Enterprise Security contains information about
known hostile IP addresses?
A.
Security domains.
B.
Threat intel.
C.
Assets.
D.
Domains.
Threat intel.
https://docs.splunk.com/Documentation/ES/6.4.1/Admin/Manageinternallookups
What kind of value is in the red box in this picture?
A.
A risk score.
B.
A source ranking.
C.
An event priority.
D.
An IP address rating.
A risk score.
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/FormateventsforHTTPEventColl
ector
| Page 6 out of 20 Pages |
| Previous |