SPLK-3001 試験問題を無料オンラインアクセス

'10.22.63.159', 'websvr4', and '00:26:08:18: CF:1D' would be matched against what in ES?

• A.An identity.
• B.An asset.
• C.A user.
• D.A device.

The Brute Force Access Behavior Detected correlation search is enabled, and is generating many false positives. Assuming the input data has already been validated.
How can the correlation search be made less sensitive?

• A.Edit the search and modify the notable event status field to make the notable events less urgent.
• B.Edit the search, look for where or xswhere statements, and after the threshold value being compared to make it less common match.
• C.Modify the urgency table for this correlation search and add a new severity level to make notable events from this search less urgent.
• D.Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a more common match.

Accelerated data requires approximately how many times the daily data volume of additional storage space per year?

• A.2.5
• B.5.7
• C.3.4
• D.1.0

Which of the following is part of tuning correlation searches for a new ES installation?

• A.Configuring correlation notable event index.
• B.Configuring correlation adaptive responses.
• C.Configuring correlation result storage.
• D.Configuring correlation permissions.

Which of the following are the default ports that must be configured for Splunk Enterprise Security to function?

• A.SplunkWeb (8043), Splunk Management (8088), KV Store (8191)
• B.SplunkWeb (8088), Splunk Management (8089), KV Store (8000)
• C.SplunkWeb (8386), Splunk Management (8926), KV Store (8106)
• D.SplunkWeb (8000), Splunk Management (8089), KV Store (8191)