Q: Where should an ES search head be installed?
A. On a Splunk server running Splunk DB Connect.
B. On a Splunk server with top level visibility.
C. On a server with a new install of Splunk.
D. On any Splunk server.
Answer: C

Q: Which of the following is a risk of using the Auto Deployment feature of Distributed Configuration Management to distribute indexes.conf?
A. Indexes might crash.
B. Indexes might be processing.
C. Indexes might not be reachable.
D. Indexes have different settings.
Answer: A
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Admin/Indexesconf

Q: Which argument to the | tstats command restricts the search to summarized data only?
A. summaries=t
B. summaries=all
C. summariesonly=t
D. summariesonly=all
Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/Acceleratedatamodels

Q: Which correlation search feature is used to throttle the creation of notable events?
A. Schedule priority.
B. Window interval.
C. Window duration.
D. Schedule windows.
Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches

Q: What is the bar across the bottom of any ES window?
A. The Investigator Workbench.
B. The Investigation Bar.
C. The Analyst Bar.
D. The Compliance Bar.
Answer: B

Q: Which indexes are searched by default for CIM data models?
A. notable and default
B. summary and notable
C. _internal and summary
D. All indexes
Answer: D
Reference: https://answers.splunk.com/answers/600354/indexes-searched-by-cim-data-models.html

Q: The Remote Access panel within the User Activity dashboard is not populating with the most recent hour of data. What data model should be checked for potential errors such as skipped searches?
A. Web
B. Risk
C. Performance
D. Authentication
Answer: A
Reference: https://answers.splunk.com/answers/565482/how-to-resolve-skipped-scheduled-searches.html

Q: How is it possible to navigate to the list of currently-enabled ES correlation searches?
A. Configure -> Correlation Searches -> Select Status “Enabled”
B. Settings -> Searches, Reports, and Alerts -> Filter by Name of “Correlation”
C. Configure -> Content Management -> Select Type “Correlation” and Status “Enabled”
D. Settings...

Q: The Add-On Builder creates Splunk Apps that start with what?
A. DA
B. SA
C. TA
D. App-
Answer: C
Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/abouttheessolution/

Q: When investigating, what is the best way to store a newly-found IOC?
A. Paste it into Notepad.
B. Click the “Add IOC” button.
C. Click the “Add Artifact” button.
D. Add it in a text note to the investigation.
Answer: B