Apps in splunk Study guides, Class notes & Summaries

Architect Exam Questions Answers 100% correct What specific things should be included in a deployment plan? -Goals -User Roles -Current topology, physical and logging -Splunk deployment topology -Data source inventory -Data policy definition -splunk Apps -Educ./training plan -Deployment Schedule What are the 3 main stages in a Splunk Deployment Infrastructure planning Splunk deployment and data enrichment user planning and roll out What are some examples of Architect t...

Within , which stanzas are valid for data modification? (select all that apply) A. Host B. Server C. Source D. Sourcetype CORRECT ANSWER ANSWER: ACD The universal forwarder has which capabilities when sending data? A. Sending alerts B. Compressing Data C. Obfuscating/hiding data D. Indexer acknowledgement CORRECT ANSWER ANSWER: BD When running the command show below, what is the default path in which deployment is created? splunk set deploy-poll deployServer:port A. SP...

5 Main components of Splunk Enterprise Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. - Module 1 Three main roles in splunk? (3) Admin, Power, User - Module 1 What role can Install apps, create knowledge objects for all users, and can control what apps a user will see by default Admin What role can creates and share knowledge objects for users of app, and create real-time searches Power User

101 Which of the following accurately describes HTTP Event Collector indexer acknowledgement? A. It requires a separate channel provided by the client. B. It is configured the same as indexer acknowledgement used to protect in-flight data. C. It can be enabled at the global setting level. D. It stores status information on the Splunk server. CORRECT ANSWER A. It requires a separate channel provided by the client. What action is required to enable forwarder management in Splunk Web? A. N...

5 Main components of Splunk ES Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. Three main roles in splunk? (3) Admin, Power, User Installs apps, creates knowledge objects for all users (what apps a user will see by default) Admin Creates and shares knowledge objects for users of app, real-time searches Power User Only sees own knowledge objects and those shared to them User Apps in Splunk? 1. Pre-built dashboards, reports, alerts and workflows 2. In-de...

with correct answers The Add-On Builder creates Splunk Apps that start with what? A. DA- B. SA- C. TA- D. App- CORRECT ANSWER C. TA- Which of the following are examples of sources for events in the endpoint security domain dashboards? A. REST API invocations. B. Investigation final results status. C. Workstations, notebooks, and point-of-sale systems. D. Lifecycle auditing of incidents, from assignment to resolution. CORRECT ANSWER C. Workstations, notebooks, and point-of-sale system...

Which of the following threat intelligence types can ES download? (Choose all that apply.) · A. Text · B. STIX/TAXII · C. VulnScanSPL · D. SplunkEnterpriseThreatGenerator CORRECT ANSWER Text and STIX/TAXII When investigating, what is the best way to store a newly-found IOC? A. Paste it into Notepad. B. Click the Add IOC button. C. Click the Add Artifact button. D. Add it in a text note to the investigation. CORRECT ANSWER Click the Add Artifact button. At what point in the ES...

Search Time Indexing Goals - Speed, Less effort for new data, persist data, resilient to change Two types of files created when Splunk Indexes incoming data - rawdata (original - compressed), Index (.tsidx - unique terms) - buckets contain both rawdata and index files Sizing Considerations - Amount of incoming data, amount of indexed data, number of concurrent users, number of scheduled searches, types of searches, Apps Disk Storage recommended RAID - RAID 10 (1+0) fast reads and writes wit...

1 Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security? A. Setting the cluster search factor to N-1. B. Increasing the number of buckets per index. C. Decreasing the data model acceleration range. D. Setting the cluster replication factor to N-1. - Answer-A 2 Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requi...

Splunk Core Certified User & Splunk Fundamentals 1 Questions and Answers Graded A+ T/F: Machine data is always structured. False. Machine data can be structured or unstructured. Machine data makes up for more than ___% of the data accumulated by organizations. 90 Brainpower Read More Previous Play Next Rewind 10 seconds Move forward 10 seconds Unmute 0:01 / 0:15 Full screen T/F: Machine data is only generated by web servers. False Search requests are p...