SPLK-3001 Exam Dumps

98 Questions


Last Updated On : 24-Feb-2025



Turn your preparation into perfection. Our Splunk SPLK-3001 exam dumps are the key to unlocking your exam success. SPLK-3001 practice test helps you understand the structure and question types of the actual exam. This reduces surprises on exam day and boosts your confidence.

Passing is no accident. With our expertly crafted Splunk SPLK-3001 exam questions, you’ll be fully prepared to succeed.

An administrator wants to ensure that none of the ES indexed data could be compromised through tampering. What feature would satisfy this requirement?


A. Index consistency.

B. Data integrity control.

C. Indexer acknowledgement.

D. Index access permissions.

Answer: B. Data integrity control.

Reference: https://answers.splunk.com/answers/790783/anti-tampering-features-to-protectsplunk-logsthe.html

The option to create a Short ID for a notable event is located where?


A. The Additional Fields.

B. The Event Details.

C. The Contributing Events.

D. The Description.

Answer: B. The Event Details.

Reference: https://docs.splunk.com/Documentation/ES/6.4.1/User/Takeactiononanotableevent

A set of correlation searches are enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives. What is a solution for this issue?

A. Suppress notable events from that correlation search.

B. Disable acceleration for the correlation search to reduce storage requirements.

C. Modify the correlation schedule and sensitivity for your site.

D. Change the correlation search's default status and severity.

Answer: C. Modify the correlation schedule and sensitivity for your site.



To observe what network services are in use in a network’s activity overall, which of the following dashboards in Enterprise Security will contain the most relevant data?


A. Intrusion Center

B. Protocol Analysis

C. User Intelligence

D. Threat Intelligence

Answer: B. Protocol Analysis

Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/NetworkProtectionDomaindashboards

What are adaptive responses triggered by?


A. By correlation searches and users on the incident review dashboard.

B. By correlation searches and custom tech add-ons.

C. By correlation searches and users on the threat analysis dashboard.

D. By custom tech add-ons and users on the risk analysis dashboard.

Answer: D. By custom tech add-ons and users on the risk analysis dashboard.



Which lookup table does the Default Account Activity Detected correlation search use to flag known default accounts?


A. Administrative Identities

B. Local User Intel

C. Identities

D. Privileged Accounts

Answer: C. Identities



