Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

SPLK-3001 by Splunk - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

What is an example of an ES asset?

A MAC address
B User name
C People
D Server

Question 4

Analysts have requested the ability to capture and analyze network traffic data. The administrator has researched the documentation and, based on this research, has decided to integrate the Splunk App for Stream with ES.

Which dashboards will now be supported so analysts can view and analyze network Stream data?

A Endpoint dashboards.
B Protocol Intelligence dashboards.
C User Intelligence dashboards.
D Web Intelligence dashboards.

Question 5

Which setting is used in indexes.conf to specify alternate locations for accelerated storage?

A thawedPath
B tstatsHomePath
C summaryHomePath
D warmToColdScript

Question 6

Which of the following is a way to test for a property normalized data model?

A Use Audit -> Normalization Audit and check the Errors panel.
B Run a | datamodel search, compare results to the CIM documentation for the datamodel.
C Run a | loadjob search, look at tag values and compare them to known tags based on the encoding.
D Run a | datamodel search and compare the results to the list of data models in the ES normalization guide.

Question 7

Which argument to the | tstats command restricts the search to summarized data only?

A summaries=t
B summaries=all
C summariesonly=t
D summariesonly=all

Question 8

When investigating, what is the best way to store a newly-found IOC?

A Paste it into Notepad.
B Click the ג€Add IOCג€ button.
C Click the ג€Add Artifactג€ button.
D Add it in a text note to the investigation.

Question 9

How is it possible to navigate to the list of currently-enabled ES correlation searches?

A Configure -> Correlation Searches -> Select Status ג€Enabledג€
B Settings -> Searches, Reports, and Alerts -> Filter by Name of ג€Correlationג€
C Configure -> Content Management -> Select Type ג€Correlationג€ and Status ג€Enabledג€
D Settings -> Searches, Reports, and Alerts -> Select App of ג€SplunkEnterpriseSecuritySuiteג€ and filter by ג€-Ruleג€

Question 10

Which of the following is a risk of using the Auto Deployment feature of Distributed Configuration Management to distribute indexes.conf?

A Indexers might crash.
B Indexers might be processing.
C Indexers might not be reachable.
D Indexers have different settings.

Question 11

Which of the following are data models used by ES? (Choose all that apply.)

A Web
B Anomalies
C Authentication
D Network Traffic

Question 12

At what point in the ES installation process should Splunk_TA_ForIndexers.spl be deployed to the indexers?

A When adding apps to the deployment server.
B Splunk_TA_ForIndexers.spl is installed first.
C After installing ES on the search head(s) and running the distributed configuration management tool.
D Splunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the splunk apply cluster-bundle command.

Question 13

Which correlation search feature is used to throttle the creation of notable events?

A Schedule priority.
B Window interval.
C Window duration.
D Schedule window.

Question 14

Which of the following are examples of sources for events in the endpoint security domain dashboards?

A REST API invocations.
B Investigation final results status.
C Workstations, notebooks, and point-of-sale systems.
D Lifecycle auditing of incidents, from assignment to resolution.

Question 15

Both Recommended Actions and Adaptive Response Actions use adaptive response. How do they differ?

A Recommended Actions show a textual description to an analyst, Adaptive Response Actions show them encoded.
B Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run them automatically.
C Recommended Actions show a list of Adaptive Responses that have already been run, Adaptive Response Actions run them automatically.
D Recommended Actions show a list of Adaptive Resposes to an analyst, Adaptive Response Actions run manually with analyst intervention.

Question 16

What does the Security Posture dashboard display?

A Active investigations and their status.
B A high-level overview of notable events.
C Current threats being tracked by the SOC.
D A display of the status of security tools.

Question 17

10.22.63.159, websvr4, and 00:26:08:18: CF:1D would be matched against what in ES?

A A user.
B A device.
C An asset.
D An identity.

Question 18

How should an administrator add a new lookup through the ES app?

A Upload the lookup file in Settings -> Lookups -> Lookup Definitions
B Upload the lookup file in Settings -> Lookups -> Lookup table files
C Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups
D Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup

Question 19

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

A Lookup searches.
B Summarized data.
C Security metrics.
D Metrics store searches.

Question 20

Which of the following is a key feature of a glass table?

A Rigidity.
B Customization.
C Interactive investigations.
D Strong data for later retrieval.

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 4 • Questions 1-25 of 98

1 2 3 4

→

Know a question that should be here? Contribute to this exam

The Add-On Builder creates Splunk Apps that start with what?

A DA-
B SA-
C TA-
D App-

Which indexes are searched by default for CIM data models?

A notable and default
B summary and notable
C _internal and summary
D All indexes