Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?
A. Security domains.
B. Threat intel.
C. Assets.
D. Domains.
Which of the following is a recommended pre-installation step?
A. Disable the default search app.
B. Configure search head forwarding.
C. Download the latest version of KV Store from MongoDBxom.
D. Install the latest Python distribution on the search head.
What is an example of an ES asset?
A. MAC address
B. User name
C. Server
D. People
What kind of value is in the red box in this picture?

A. A risk score.
B. A source ranking.
C. An event priority.
D. An IP address rating.
Which argument to the | tstats command restricts the search to summarized data only?
A. summaries=t
B. summaries=all
C. summariesonly=t
D. summariesonly=all
The option to create a Short ID for a notable event is located where?
A. The Additional Fields.
B. The Event Details.
C. The Contributing Events.
D. The Description.
Which of the following is part of tuning correlation searches for a new ES installation?
A. Configuring correlation notable event index.
B. Configuring correlation permissions.
C. Configuring correlation adaptive responses.
D. Configuring correlation result storage.
The Remote Access panel within the User Activity dashboard is not populating with the most recent hour of data. What data model should be checked for potential errors such as skipped searches?
A. Web
B. Risk
C. Performance
D. Authentication
To which of the following should the ES application be uploaded?
A. The indexer.
B. The KV Store.
C. The search head.
D. The dedicated forwarder.
Which of the following is a key feature of a glass table?
A. Rigidity.
B. Customization.
C. Interactive investigations.
D. Strong data for later retrieval.