What does the risk framework add to an object (user, server or other type) to indicate increased risk?
What does the risk framework add to an object (user, server or other type) to indicate increased risk? A. An urgency. B. A risk profile. C. An aggregation. D. A numeric score. Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/RiskScoring
Which column in the Asset or Identity list is combined with event security to make a notable event’s urgency
Which column in the Asset or Identity list is combined with event security to make a notable event’s urgency? A. VIP B. Priority C. Importance D. Criticality Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned
What role should be assigned to a security team member who will be taking ownership of notable events in the i
What role should be assigned to a security team member who will be taking ownership of notable events in the incident review dashboard? A. ess_user B. ess_admin C. ess_analyst D. ess_reviewer Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Triagenotableevents
In order to include an eventtype in a data model node, what is the next step after extracting the correct fiel
In order to include an eventtype in a data model node, what is the next step after extracting the correct fields? A. Save the settings. B. Apply the correct tags. C. Run the correct search. D. Visit the CIM dashboard. Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonormalizeOSSECdata
The Remote Access panel within the User Activity dashboard is not populating with the most recent hour of data
The Remote Access panel within the User Activity dashboard is not populating with the most recent hour of data. What data model should be checked for potential errors such as skipped searches? A. Web B. Risk C. Performance D. Authentication Reference: https://answers.splunk.com/answers/565482/how-to-resolve-skipped-scheduled-searches.html
What feature of Enterprise Security downloads threat intelligence data from a web server?
What feature of Enterprise Security downloads threat intelligence data from a web server? A. Threat Service Manager B. Threat Download Manager C. Threat Intelligence Parser D. Therat Intelligence Enforcement
When creating custom correlation searches, what format is used to embed field values in the title, description
When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event? A. $fieldname$ B. “fieldname” C. %fieldname% D. _fieldname_ Reference: https://docs.splunk.com/Documentation/ITSI/4.4.2/Configure/Createcorrelationsearch
Which of the following are examples of sources for events in the endpoint security domain dashboards?
Which of the following are examples of sources for events in the endpoint security domain dashboards? A. REST API invocations. B. Investigation final results status. C. Workstations, notebooks, and point-of-sale systems. D. Lifecycle auditing of incidents, from assignment to resolution. Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/EndpointProtectionDomaindashboards
The Add-On Builder creates Splunk Apps that start with what?
The Add-On Builder creates Splunk Apps that start with what? A. DA- B. SA- C. TA- D. App- Reference: https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/abouttheessolution/
Which component in the splunkd.log will log information related to bad event breaking?
Which component in the splunkd.log will log information related to bad event breaking? A. Audittrail B. EventBreaking C. IndexingPipeline D. AggregatorMiningProcessor Reference: https://answers.splunk.com/answers/141721/error-in-splunkd-log-breaking-event-because-limit-of-256-has-been-exceeded.html