Question 7

If a username does not match the ‘identity’ column in the identities list, which column is checked next?

Correct Answer: C

Question 8

Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?

Correct Answer: D
Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/planintegrationes/

Question 9

How is it possible to navigate to the list of currently-enabled ES correlation searches?

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Listcorrelationsearches

Question 10

What kind of value is in the red box in this picture?
[Exhibit image]

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/FormateventsforHTTPEventCollector

Question 11

How should an administrator add a new lookup through the ES app?

Correct Answer: D
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Createlookups

Question 12

What are the steps to add a new column to the Notable Event table in the Incident Review dashboard?

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Customizenotables
