Free Certification Practice Questions

SPLUNK-SPLK-3001

Accelerated data requires approximately how many times the daily data volume of additional storage space per year?
#61
When installing Enterprise Security, what should be done after installing the add-ons necessary for normalizing data?
#62
What can be exported from ES using the Content Management page?
#63
Where should an ES search head be installed?
#64
Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events. How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?
#65
Which of the following actions may be necessary before installing ES?
#66
A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and they have already been tuned to weed out false positives. Which of the following options is most likely to help performance?
#67
What should be used to map a non-standard field name to a CIM field name?
#68
Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?
#69
A set of correlation searches are enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives. What is a solution for this issue?
#70
Which of the following steps will make the Threat Activity dashboard the default landing page in ES?
#71
When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?
#72
Which feature contains scenarios that are useful during ES implementation?
#73
Where is detailed information about identities stored?
#74
The option to create a Short ID for a notable event is located where?
#75
A newly built custom dashboard needs to be available to a team of security analysts in ES. How is it possible to integrate the new dashboard?
#76
What is the bar across the bottom of any ES window?
#77
Which two fields combine to create the Urgency of a notable event?
#78
What do threat gen searches produce?
#79
Which of the following is part of tuning correlation searches for a new ES installation?
#80
Which columns in the Assets lookup are used to identify an asset in an event?
#81
What does the summariesonly=true option do for a correlation search?
#82
Which of the following are the default ports that must be configured for Splunk Enterprise Security to function?
#83
What is the main purpose of the Dashboard Requirements Matrix document?
#84
Which of the following is a recommended pre-installation step?
#85
What are adaptive responses triggered by?
#86
Which of the following is an adaptive action that is configured by default for ES?
#87
When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?
#88
Which lookup table does the Default Account Activity Detected correlation search use to flag known default accounts?
#89
Which tool is used to update indexers in ES?
#90