SPLK-3001 Free Practice Test

Which of the following threat intelligence types can ES download? (Choose all that apply)

1. A. Text
2. B. STIX/TAXII
3. C. VulnScanSPL
4. D. SplunkEnterpriseThreatGenerator

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Downloadthreatfeed

What kind of value is in the red box in this picture?

1. A. A risk score.
2. B. A source ranking.
3. C. An event priority.
4. D. An IP address rating.

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/FormateventsforHTTPEventCollector

What feature of Enterprise Security downloads threat intelligence data from a web server?

1. A. Threat Service Manager
2. B. Threat Download Manager
3. C. Threat Intelligence Parser
4. D. Therat Intelligence Enforcement

Correct Answer: B

An administrator is provisioning one search head prior to installing ES. What are the reference minimum requirements for OS, CPU, and RAM for that machine?

1. A. OS: 32 bit, RAM: 16 MB, CPU: 12 cores
2. B. OS: 64 bit, RAM: 32 MB, CPU: 12 cores
3. C. OS: 64 bit, RAM: 12 MB, CPU: 16 cores
4. D. OS: 64 bit, RAM: 32 MB, CPU: 16 cores

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Capacity/Referencehardware

An administrator is asked to configure an “Nslookup” adaptive response action, so that it appears as a selectable option in the notable event’s action menu when an analyst is working in the Incident Review dashboard. What steps would the administrator take to configure this option?

1. A. Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup
2. B. Configure -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup
3. C. Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup
4. D. Configure -> Content Management -> Type: Correlation Search -> Notable -> Recommended Actions -> Nslookup

Correct Answer: D