SPLK-3001無料問題集「Splunk Enterprise Security Certified Admin」

質問 1

Where is the Add-On Builder available from?

（A）The ES installation package

（B）GitHub

（C）SplunkBase

（D）www.splunk.com

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

How is it possible to navigate to the ES graphical Navigation Bar editor?

（A）Configure -> Navigation Menu

（B）Settings -> User Interface -> Navigation -> Click on "Enterprise Security"

（C）Settings -> User Interface -> Navigation Menus -> Click on "default" next to SplunkEnterpriseSecuritySuite

（D）Configure -> General -> Navigation

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

What tools does the Risk Analysis dashboard provide?

（A）A display of the highest risk assets and identities.

（B）Key indicators showing the highest probability correlation searches in the environment.

（C）Notable event domains displayed by risk score.

（D）High risk threats.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and they have already been tuned to weed out false positives.
Which of the following options is most likely to help performance?

（A）Add heavy forwarders between the universal forwarders and indexers so inputs can be parsed before indexing.

（B）Increase memory and CPUs on the search head(s) and add additional indexers.

（C）If indexed realtime search is enabled, disable it for the notable index.

（D）Change the search heads to do local indexing of summary searches.

正解：B 解答を投票する

質問 5

How is it possible to navigate to the list of currently-enabled ES correlation searches?

（A）Settings -> Searches, Reports, and Alerts -> Filter by Name of "Correlation"

（B）Configure -> Correlation Searches -> Select Status "Enabled"

（C）Configure -> Content Management -> Select Type "Correlation" and Status "Enabled"

（D）Settings -> Searches, Reports, and Alerts -> Select App of "SplunkEnterpriseSecuritySuite" and filter by
"- Rule"

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

A set of correlation searches are enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives.
What is a solution for this issue?

（A）Change the correlation search's default status and severity.

（B）Modify the correlation schedule and sensitivity for your site.

（C）Suppress notable events from that correlation search.

（D）Disable acceleration for the correlation search to reduce storage requirements.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which of the following is a recommended pre-installation step?

（A）Download the latest version of KV Store from MongoDBxom.

（B）Configure search head forwarding.

（C）Disable the default search app.

（D）Install the latest Python distribution on the search head.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

How does ES know local customer domain names so it can detect internal vs. external emails?

（A）Web and email domain names are set in General -> General Configuration.

（B）The Corporate Web and Email Domain Lookups are edited during initial configuration.

（C）ES extracts local email and web domains automatically from SMTP and HTTP logs.

（D）ES uses the User Activity index and applies machine learning to determine internal and external domains.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

What is the bar across the bottom of any ES window?

（A）The Analyst Bar.

（B）The Investigation Bar.

（C）The Investigator Workbench.

（D）The Compliance Bar.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

An administrator is asked to configure an "Nslookup" adaptive response action, so that it appears as a selectable option in the notable event's action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?

（A）Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup

（B）Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup

（C）Configure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup

（D）Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions
-> Nslookup

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

SPLK-3001 無料問題集「Splunk Enterprise Security Certified Admin」

弊社を連絡する

関連リンク

トップ試験