Which setting indicates that the correlation search will be executed as new events are indexed?
Correct Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches
Where is the Add-On Builder available from?
Correct Answer: B
Reference: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Installation
Which column in the Asset or Identity list is combined with event security to make a notable event’s urgency?
Correct Answer: B
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned
“10.22.63.159”, “websvr4”, and “00:26:08:18:CF:1D” would be matched against what in ES?
Correct Answer: B
What does the risk framework add to an object (user, server, or other type) to indicate increased risk?
Correct Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/RiskScoring
Which of the following features can the Add-on Builder configure in a new add-on?
Correct Answer: B
Reference: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/Overview