Download Splunk.SPLK-3001.VCEplus.2020-04-10.60q.tqb
| Vendor: | Splunk |
| Exam Code: | SPLK-3001 |
| Exam Name: | Splunk Enterprise Security Certified Admin |
| Date: | Apr 10, 2020 |
| File Size: | 251 KB |
Demo Questions
Question 1
The Add-On Builder creates Splunk Apps that start with what?
- DA-
- SA-
- TA-
- App-
Correct answer: C
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/abouttheessolution/ Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/abouttheessolution/
Question 2
Which of the following are examples of sources for events in the endpoint security domain dashboards?
- REST API invocations.
- Investigation final results status.
- Workstations, notebooks, and point-of-sale systems.
- Lifecycle auditing of incidents, from assignment to resolution.
Correct answer: D
Explanation:
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/EndpointProtectionDomaindashboards Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/EndpointProtectionDomaindashboards
Question 3
When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?
- $fieldname$
- "fieldname"
- %fieldname%
- _fieldname_
Correct answer: C
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.4.2/Configure/Createcorrelationsearch Reference: https://docs.splunk.com/Documentation/ITSI/4.4.2/Configure/Createcorrelationsearch
