New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Full Access Splunk SPLK-3001 Tutorials

Page: 3 / 7
Total 99 questions

Splunk Enterprise Security Certified Admin Exam Questions and Answers

Question 9

Following the Installation of ES, an admin configured Leers with the ©ss_uso r role the ability to close notable events. How would the admin restrict these users from being able to change the status of Resolved notable events to closed?

Options:

A.

From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.

B.

From the Status Configuration windows select the closed status. Remove ess_use r from the status transitions for the Resolved status.

C.

In Enterprise Security, give the ess_user role the own Notable Events permission.

D.

From Splunk Access Controls, select the ess_user role and remove the edit_notabie_events capability.

Question 10

After managing source types and extracting fields, which key step comes next In the Add-On Builder?

Options:

A.

Validate and package

B.

Configure data collection.

C.

Create alert actions.

D.

Map to data models.

Question 11

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

Options:

A.

Lookup searches.

B.

Summarized data.

C.

Security metrics.

D.

Metrics store searches.

Question 12

Which of the following is a risk of using the Auto Deployment feature of Distributed Configuration Management to distribute indexes.conf?

Options:

A.

Indexes might crash.

B.

Indexes might be processing.

C.

Indexes might not be reachable.

D.

Indexes have different settings.

Page: 3 / 7
Total 99 questions