SPLK-3001 Free Practice Test

Which correlation search feature is used to throttle the creation of notable events?

1. A. Schedule priority.
2. B. Window interval.
3. C. Window duration.
4. D. Schedule windows.

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches

What does the risk framework add to an object (user, server or other type) to indicate increased risk?

1. A. An urgency.
2. B. A risk profile.
3. C. An aggregation.
4. D. A numeric score.

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/RiskScoring

Which settings indicated that the correlation search will be executed as new events are indexed?

1. A. Always-On
2. B. Real-Time
3. C. Scheduled
4. D. Continuous

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches

When ES content is exported, an app with a .spl extension is automatically created. What is the best practice when exporting and importing updates to ES content?

1. A. Use new app names each time content is exported.
2. B. Do not use the .spl extension when naming an export.
3. C. Always include existing and new content for each export.
4. D. Either use new app names or always include both existing and new content.

Correct Answer: A

Which of the following are examples of sources for events in the endpoint security domain dashboards?

1. A. REST API invocations.
2. B. Investigation final results status.
3. C. Workstations, notebooks, and point-of-sale systems.
4. D. Lifecycle auditing of incidents, from assignment to resolution.

Correct Answer: D
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/EndpointProtectionDomaindashboards