Splunk SPLK-3001 Quiz 2 Topic 4 Questions 6-10

Question: 1

Which component normalizes events?

ASA-CIM.

BSA-Notable.

CES application.

DTechnology add-on.

Show Answer

Question: 2

What does the Security Posture dashboard display?

AActive investigations and their status.

BA high-level overview of notable events.

CCurrent threats being tracked by the SOC.

DA display of the status of security tools.

Show Answer

Question: 3

Which settings indicated that the correlation search will be executed as new events are indexed?

AAlways-On

BReal-Time

CScheduled

DContinuous

Show Answer

Question: 4

A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance. What is the best practice for installing ES?

AInstall ES on the existing search head.

BAdd a new search head and install ES on it.

CIncrease the number of CPUs and amount of memory on the search head, then install ES.

DDelete the non-CIM-compliant apps from the search head, then install ES.

Show Answer

Question: 5

Adaptive response action history is stored in which index?

Acim_modactions

Bmodular_history

Ccim_adaptiveactions

Dmodular_action_history

Show Answer

Splunk SPLK-3001 Quiz:2 Topic:4 Questions:6-10