Question 13

Which settings indicate that the correlation search will be executed as new events are indexed?

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches

Question 14

Where is the Add-On Builder available from?

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Installation

Question 15

Which column in the Asset or Identity list is combined with event security to make a notable event’s urgency?

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned

Question 16

“10.22.63.159”, “websvr4”, and “00:26:08:18:CF:1D” would be matched against what in ES?

Correct Answer: B

Question 17

What does the risk framework add to an object (user, server or other type) to indicate increased risk?

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/RiskScoring

Question 18

Which of the following features can the Add-on Builder configure in a new add-on?

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Overview
