[2022年03月]更新のSplunk SPLK-3001テストエンジンとPDFで完全版無料問題集を無料提供
最新版を今すぐ試そうSPLK-3001認定有効な試験問題集
質問 38
Which column in the Asset or Identity list is combined with event security to make a notable event's urgency?
- A. Importance
- B. Criticality
- C. Priority
- D. VIP
正解: C
質問 39
Which of the following are data models used by ES? (Choose all that apply)
- A. Authentication
- B. Anomalies
- C. Network Traffic
- D. Web
正解: B
解説:
Reference:
https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/datamodelsusedbyes/
質問 40
To observe what network services are in use in a network's activity overall, which of the following dashboards in Enterprise Security will contain the most relevant data?
- A. Protocol Analysis
- B. User Intelligence
- C. Threat Intelligence
Section: (none)
Explanation - D. Intrusion Center
正解: D
解説:
Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/User/NetworkProtectionDomaindashboards
質問 41
Which of the following features can the Add-on Builder configure in a new add-on?
- A. Translate data.
- B. Summarize data.
- C. Normalize data.
- D. Expire data.
正解: C
解説:
Explanation/Reference: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Overview
質問 42
At what point in the ES installation process should Splunk_TA_ForIndexes.spl be deployed to the indexers?
- A. After installing ES on the search head(s) and running the distributed configuration management tool.
- B. When adding apps to the deployment server.
- C. Splunk_TA_ForIndexers.spl is installed first.
- D. Splunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the splunk apply cluster-bundle command.
正解: A
質問 43
What role should be assigned to a security team member who will be taking ownership of notable events in the incident review dashboard?
- A. ess_user
- B. ess_analyst
- C. ess_admin
- D. ess_reviewer
正解: C
解説:
Explanation/Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Triagenotableevents
質問 44
If a username does not match the 'identity' column in the identities list, which column is checked next?
- A. Combination of Last Name, First Name.
- B. IP address.
- C. Email.
- D. Nickname
正解: C
質問 45
What does the risk framework add to an object (user, server or other type) to indicate increased risk?
- A. A numeric score.
- B. An urgency.
- C. A risk profile.
- D. An aggregation.
正解: D
質問 46
Which of the following are examples of sources for events in the endpoint security domain dashboards?
- A. Lifecycle auditing of incidents, from assignment to resolution.
- B. Workstations, notebooks, and point-of-sale systems.
- C. Investigation final results status.
- D. REST API invocations.
正解: A
解説:
Explanation/Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/EndpointProtectionDomaindashboards
質問 47
Where is the Add-On Builder available from?
- A. The ES installation package
- B. www.splunk.com
- C. GitHub
- D. SplunkBase
正解: D
解説:
Reference:
https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Installation
質問 48
What role should be assigned to a security team member who will be taking ownership of notable events in the incident review dashboard?
- A. ess_user
- B. ess_analyst
- C. ess_admin
- D. ess_reviewer
正解: C
質問 49
Which component normalizes events?
- A. Technology add-on.
- B. SA-Notable.
- C. SA-CIM.
- D. ES application.
正解: C
質問 50
An administrator is asked to configure an "Nslookup" adaptive response action, so that it appears as a selectable option in the notable event's action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?
- A. Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup
- B. Configure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
- C. Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup
- D. Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions
-> Nslookup
正解: D
質問 51
Both "Recommended Actions" and "Adaptive Response Actions" use adaptive response. How do they differ?
- A. Recommended Actions show a textual description to an analyst, Adaptive Response Actions show them encoded.
- B. Recommended Actions show a list of Adaptive Responses that have already been run, Adaptive Response Actions run them automatically.
- C. Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run them automatically.
- D. Recommended Actions show a list of Adaptive Resposes to an analyst, Adaptive Response Actions run manually with analyst intervention.
正解: D
解説:
Reference:
https://docs.splunk.com/Documentation/ES/latest/Admin/Configureadaptiveresponse
質問 52
How is it possible to navigate to the list of currently-enabled ES correlation searches?
- A. Configure -> Correlation Searches -> Select Status "Enabled"
- B. Settings -> Searches, Reports, and Alerts -> Filter by Name of "Correlation"
- C. Configure -> Content Management -> Select Type "Correlation" and Status "Enabled"
- D. Settings -> Searches, Reports, and Alerts -> Select App of "SplunkEnterpriseSecuritySuite" and filter by "- Rule"
正解: C
質問 53
How is notable event urgency calculated?
- A. Asset or identity risk and severity found by the correlation search.
- B. Alert severity found by the correlation search.
- C. Severity set by the correlation search and priority assigned to the associated asset or identity.
- D. Asset priority and threat weight.
正解: C
解説:
Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned
質問 54
Which of the following features can the Add-on Builder configure in a new add-on?
- A. Translate data.
- B. Summarize data.
- C. Normalize data.
- D. Expire data.
正解: C
質問 55
How is notable event urgency calculated?
- A. Asset or identity risk and severity found by the correlation search.
- B. Alert severity found by the correlation search.
- C. Severity set by the correlation search and priority assigned to the associated asset or identity.
- D. Asset priority and threat weight.
正解: C
質問 56
Which of the following is a recommended pre-installation step?
- A. Configure search head forwarding.
- B. Download the latest version of KV Store from MongoDB.com.
- C. Install the latest Python distribution on the search head.
- D. Disable the default search app.
正解: A
質問 57
What does the summariesonly=true option do for a correlation search?
- A. Searches only accelerated data.
- B. Forwards summary indexes to the indexing tier.
- C. Searches summary indexes only.
- D. Uses a default summary time range.
正解: A
質問 58
Which of the following are the default ports that must be configured for Splunk Enterprise Security to function?
- A. SplunkWeb (8000), Splunk Management (8089), KV Store (8191)
- B. SplunkWeb (8068), Splunk Management (8089), KV Store (8000)
- C. SplunkWeb (8390), Splunk Management (8323), KV Store (8672)
- D. SplunkWeb (8043), Splunk Management (8088), KV Store (8191)
正解: A
解説:
Explanation
https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/SecureSplunkonyournetwork
質問 59
Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?
- A. A suffix of .spl
- B. A prefix of TECH_
- C. A prefix of CIM_
- D. A prefix of Splunk_TA_
正解: D
解説:
Explanation/Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/planintegrationes/
質問 60
Which of the following are data models used by ES? (Choose all that apply.)
- A. Authentication
- B. Anomalies
- C. Network Traffic
- D. Web
正解: B
解説:
Explanation/Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/datamodelsusedbyes/
質問 61
......
Splunk SPLK-3001 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
100%合格保証付きの素晴らしいSPLK-3001試験問題PDF:https://www.jpntest.com/shiken/SPLK-3001-mondaishu