Which of these is a benefit of data normalization?
A. Reports run faster because normalized data models can be optimized for better performance.
B. Dashboards take longer to build.
C. Searches can be built no matter the specific source technology for a normalized data type.
D. Forwarder-based inputs are more efficient.
After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?
A. Splunk_DS_ForIndexers.spl
B. Splunk_ES_ForIndexers.spl
C. Splunk_SA_ForIndexers.spl
D. Splunk_TA_ForIndexers.spl
Which of the following ES features would a security analyst use while investigating a network anomaly notable?
A. Correlation editor.
B. Key indicator search.
C. Threat download dashboard.
D. Protocol intelligence dashboard.
Which setting indicates that the correlation search will be executed as new events are indexed?
A. Always-On
B. Real-Time
C. Scheduled
D. Continuous
Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?
A. Security domains.
B. Threat intel.
C. Assets.
D. Domains.
To observe what network services are in use in a network's activity overall, which of the following dashboards in Enterprise Security will contain the most relevant data?
A. Intrusion Center
B. Protocol Analysis
C. User Intelligence
D. Threat Intelligence
Which of the following is a Web Intelligence dashboard?
A. Network Center
B. Endpoint Center
C. HTTP Category Analysis
D. stream:http Protocol dashboard
Which indexes are searched by default for CIM data models?
A. notable and default
B. summary and notable
C. _internal and summary
D. All indexes
Which argument to the | tstats command restricts the search to summarized data only?
A. summaries=t
B. summaries=all
C. summariesonly=t
D. summariesonly=all
To which of the following should the ES application be uploaded?
A. The indexer.
B. The KV Store.
C. The search head.
D. The dedicated forwarder.