Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?
#32
Answer: D
ES apps and add-ons from $SPLUNK_HOME/etc/apps should be copied from the staging instance to what location on the cluster deployer instance?
#33
Answer: C
How is notable event urgency calculated?
#34
Answer: D
What kind of value is in the red box in this picture?
#35
Answer: C
Where is it possible to export content, such as correlation searches, from ES?
#36
Answer: B
Which of the following threat intelligence types can ES download?
#37
Answer: B
A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance. What is the best practice for installing ES?
#38
Answer: B
Enterprise Security's dashboards primarily pull data from what type of knowledge object?
#39
Answer: C
To which of the following should the ES application be uploaded?
#40
Answer: C
If a username does not match the `identity` column in the identities list, which column is checked next?
#41
Answer: A
Which of the following features can the Add-on Builder configure in a new add-on?
#42
Answer: B
What is the maximum recommended volume of indexing per day, per indexer, for a non-cloud (on-prem) ES deployment?
#43
Answer: B
ES needs to be installed on a search head with which of the following options?
#44
Answer: D
Which setting indicates that the correlation search will be executed as new events are indexed?
#45
Answer: B
Where are attachments to investigations stored?
#46
Answer: A
Which data model populates the panels on the Risk Analysis dashboard?
#47
Answer: A
How is it possible to navigate to the ES graphical Navigation Bar editor?
#48
Answer: B
An administrator is provisioning one search head prior to installing ES. What are the reference minimum requirements for OS, CPU, and RAM for that machine?
#49
Answer: C
What tools does the Risk Analysis dashboard provide?
#50
Answer: C
When ES content is exported, an app with a .spl extension is automatically created. What is the best practice when exporting and importing updates to ES content?
#51
Answer: A
Who can delete an investigation?
#52
Answer: A
After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?
#53
Answer: D
The Brute Force Access Behavior Detected correlation search is enabled, and is generating many false positives. Assuming the input data has already been validated, how can the correlation search be made less sensitive?
#54
Answer: B
Which of the following actions can improve overall search performance?
#55
Answer: C
Which of the following ES features would a security analyst use while investigating a network anomaly notable?
#56
Answer: D
Which component normalizes events?
#57
Answer: A
An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?
#58
Answer: B
What is the first step when preparing to install ES?
#59
Answer: D
What is the default schedule for accelerating ES Datamodels?