What role should be assigned to a security team member who will be taking ownership of notable events in the incident review dashboard?
A.
ess_user
B.
ess_admin
C.
ess_analyst
D.
ess_reviewer
ess_analyst
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/Triagenotableevents
Adaptive response action history is stored in which index?
A.
cim_modactions
B.
modular_history
C.
cim_adaptiveactions
D.
modular_action_history
cim_modactions
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/Indexes
Which of the following are examples of sources for events in the endpoint security domain dashboards?
A.
REST API invocations.
B.
Investigation final results status.
C.
Workstations, notebooks, and point-of-sale systems.
D.
Lifecycle auditing of incidents, from assignment to resolution.
Lifecycle auditing of incidents, from assignment to resolution.
Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/User/EndpointProtectionDomaindashboar
ds
After installing Enterprise Security, the distributed configuration management tool can be used to create which app to configure indexers?
A.
Splunk_DS_ForIndexers.spl
B.
Splunk_ES_ForIndexers.spl
C.
Splunk_SA_ForIndexers.spl
D.
Splunk_TA_ForIndexers.spl
Splunk_TA_ForIndexers.spl
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallTechnologyAddons
What is the bar across the bottom of any ES window?
A.
The Investigator Workbench.
B.
The Investigation Bar.
C.
The Analyst Bar.
D.
The Compliance Bar.
The Investigation Bar.
Reference: https://docs.splunk.com/Documentation/ES/6.4.1/User/Startaninvestigation
Which of the following is an adaptive action that is configured by default for ES?
A.
Create notable event
B.
Create new correlation search
C.
Create investigation
D.
Create new asset
Create new correlation search
Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?
A.
Lookup searches.
B.
Summarized data.
C.
Security metrics.
D.
Metrics store searches.
Security metrics.
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/User/CreateGlassTable
What are the steps to add a new column to the Notable Event table in the Incident Review dashboard?
A.
Configure -> Incident Management -> Notable Event Statuses
B.
Configure -> Content Management -> Type: Correlation Search
C.
Configure -> Incident Management -> Incident Review Settings -> Event Management
D.
Configure -> Incident Management -> Incident Review Settings -> Table Attributes
Configure -> Incident Management -> Incident Review Settings -> Table Attributes
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Customizenotables
Where is it possible to export content, such as correlation searches, from ES?
A.
Content exporter
B.
Configure -> Content Management
C.
Export content dashboard
D.
Settings Menu -> ES -> Export
Configure -> Content Management
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Export
An administrator is asked to configure an “Nslookup” adaptive response action, so that it
appears as a selectable option in the notable event’s action menu when an analyst is
working in the Incident Review dashboard. What steps would the administrator take to
configure this option?
A.
Configure -> Content Management -> Type: Correlation Search -> Notable -> Nslookup
B.
Configure -> Type: Correlation Search -> Notable -> Recommended Actions ->
Nslookup
C.
Configure -> Content Management -> Type: Correlation Search -> Notable -> Next Steps -> Nslookup
D.
Configure -> Content Management -> Type: Correlation Search -> Notable ->
Recommended Actions -> Nslookup
Configure -> Content Management -> Type: Correlation Search -> Notable ->
Recommended Actions -> Nslookup
| Page 2 out of 10 Pages |
| Previous |
Copyright © - All Rights Reserved