SPLK-3001 Exam Dumps : Splunk Enterprise Security Certified Admin Exam

 According to the Splunk Enterprise Security documentation, the bar across the bottom of any ES window is called the Investigation Bar. The Investigation Bar is a tool that helps you create and manage investigations in ES. An investigation is a collection of related notable events, comments, and artifacts that document a security incident or a threat hunting activity. You can use the Investigation Bar to do the following tasks:

• Create a new investigation or open an existing one.
• Add notable events, comments, and artifacts to an investigation.
• Assign an owner and a status to an investigation.
• Share an investigation with other users or roles.
• Export an investigation as a PDF report.

The Investigation Bar also provides a link to the Investigation Workbench, which is a dashboard that shows a timeline and a summary of an investigation. Therefore, the correct answer is B. The Investigation Bar. References = Use the Investigation Bar.

User and website watchlists are lists of users or websites that you want to monitor for suspicious or unwanted activity. You can configure user and website watchlists in Splunk Enterprise Security to generate notable events when a user on the watchlist accesses a website on the watchlist. The User Activity dashboard displays the notable events generated by the watchlists, as well as other user activity information such as top users, top websites, and top categories. Configuring user and website watchlists can help identify users accessing inappropriate web sites, as it allows you to specify which users and websites are of interest and alert you when they are accessed. References =

• Configure user and website watchlists in Splunk Enterprise Security
• User Activity dashboard in Splunk Enterprise Security

 According to the Splunk Enterprise Security documentation, the Default Account Activity Detected correlation search uses the Local User Intel lookup table to flag known default accounts. The Local User Intel lookup table contains a list of default usernames and passwords for various systems and applications, such as admin, root, guest, and others. The correlation search compares the authentication events from the Authentication data model with the usernames in the lookup table and generates a notable event if there is a match. The notable event indicates that a default account was used to access a system or application, which could be a sign of a brute force attack or a misconfiguration. Therefore, the correct answer is B. Local User Intel. References =

• Default Account Activity Detected
• Local User Intel