SPLK-3001 Exam Dumps

How is notable event urgency calculated?

A.

Asset priority and threat weight.

B.

Alert severity found by the correlation search.

C.

Asset or identity risk and severity found by the correlation search.

D.

Severity set by the correlation search and priority assigned to the associated asset or identity.

What should be used to map a non-standard field name to a CIM field name?

A.

Field alias.

B.

Search time extraction.

C.

Tag.

D.

Eventtype.

Which two fields combine to create the Urgency of a notable event?

A.

Priority and Severity.

B.

Priority and Criticality.

C.

Criticality and Severity.

D.

Precedence and Time.

When installing Enterprise Security, what should be done after installing the add-ons necessary for normalizing data?

A.

Configure the add-ons according to their README or documentation.

B.

Disable the add-ons until they are ready to be used, then enable the add-ons.

C.

Nothing, there are no additional steps for add-ons.

D.

Configure the add-ons via the Content Management dashboard

The Brute Force Access Behavior Detected correlation search is enabled, and is
generating many false positives. Assuming the input data has already been validated. How can the correlation search be made less sensitive?

A.

Edit the search and modify the notable event status field to make the notable events less urgent.

B.

Edit the search, look for where or xswhere statements, and after the threshold value being compared to make it less common match.

C.

Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a more common match.

D.

Modify the urgency table for this correlation search and add a new severity level to makenotable events from this search less urgent.

In order to include an eventtype in a data model node, what is the next step after extracting the correct fields?

A.

Save the settings.

B.

Apply the correct tags.

C.

Run the correct search.

D.

Visit the CIM dashboard.