SPLK-3001 Free Practice Test

What is the maximum recommended volume of indexing per day, per indexer, for a non-cloud (on-prem) ES deployment?

1. A. 50 GB
2. B. 100 GB
3. C. 300 GB
4. D. 500 MB

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/ITSI/4.4.2/Install/Plan

Which of the following ES features would a security analyst use while investigating a network anomaly notable?

1. A. Correlation editor.
2. B. Key indicator search.
3. C. Threat download dashboard.
4. D. Protocol intelligence dashboard.

Correct Answer: D
Reference: https://www.splunk.com/en_us/products/premium-solutions/splunk-enterprise-security/features.html

The Brute Force Access Behavior Detected correlation search is enabled, and is generating many false positives. Assuming the input data has already been validated. How can the correlation search be made less sensitive?

1. A. Edit the search and modify the notable event status field to make the notable events less urgent.
2. B. Edit the search, look for where or xswhere statements, and after the threshold value being compared to make it less common match.
3. C. Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a more common match.
4. D. Modify the urgency table for this correlation search and add a new severity level to make notable events from this search less urgent.

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned

What are the steps to add a new column to the Notable Event table in the Incident Review dashboard?

1. A. Configure -> Incident Management -> Notable Event Statuses
2. B. Configure -> Content Management -> Type: Correlation Search
3. C. Configure -> Incident Management -> Incident Review Settings -> Event Management
4. D. Configure -> Incident Management -> Incident Review Settings -> Table Attributes

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Customizenotables

What does the Security Posture dashboard display?

1. A. Active investigations and their status.
2. B. A high-level overview of notable events.
3. C. Current threats being tracked by the SOC.
4. D. A display of the status of security tools.

Correct Answer: B
The Security Posture dashboard is designed to provide high-level insight into the notable events across all domains of your deployment, suitable for display in a Security Operations Center (SOC). This dashboard shows all events from the past 24 hours, along with the trends over the past 24 hours, and provides real-time event information and updates.
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/SecurityPosturedashboard