Apps in splunk - Study guides, Class notes & Summaries

Architect Exam Questions Answers 100% correct What specific things should be included in a deployment plan? -Goals -User Roles -Current topology, physical and logging -Splunk deployment topology -Data source inventory -Data policy definition -splunk Apps -Educ./training plan -Deployment Schedule What are the 3 main stages in a Splunk Deployment Infrastructure planning Splunk deployment and data enrichment user planning and roll out What are some examples of Architect t...

Within , which stanzas are valid for data modification? (select all that apply) A. Host B. Server C. Source D. Sourcetype CORRECT ANSWER ANSWER: ACD The universal forwarder has which capabilities when sending data? A. Sending alerts B. Compressing Data C. Obfuscating/hiding data D. Indexer acknowledgement CORRECT ANSWER ANSWER: BD When running the command show below, what is the default path in which deployment is created? splunk set deploy-poll deployServer:port A. SP...

101 Which of the following accurately describes HTTP Event Collector indexer acknowledgement? A. It requires a separate channel provided by the client. B. It is configured the same as indexer acknowledgement used to protect in-flight data. C. It can be enabled at the global setting level. D. It stores status information on the Splunk server. CORRECT ANSWER A. It requires a separate channel provided by the client. What action is required to enable forwarder management in Splunk Web? A. N...

5 Main components of Splunk Enterprise Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. - Module 1 Three main roles in splunk? (3) Admin, Power, User - Module 1 What role can Install apps, create knowledge objects for all users, and can control what apps a user will see by default Admin What role can creates and share knowledge objects for users of app, and create real-time searches Power User

Search Time Indexing Goals - Speed, Less effort for new data, persist data, resilient to change Two types of files created when Splunk Indexes incoming data - rawdata (original - compressed), Index (.tsidx - unique terms) - buckets contain both rawdata and index files Sizing Considerations - Amount of incoming data, amount of indexed data, number of concurrent users, number of scheduled searches, types of searches, Apps Disk Storage recommended RAID - RAID 10 (1+0) fast reads and writes wit...

with correct answers The Add-On Builder creates Splunk Apps that start with what? A. DA- B. SA- C. TA- D. App- CORRECT ANSWER C. TA- Which of the following are examples of sources for events in the endpoint security domain dashboards? A. REST API invocations. B. Investigation final results status. C. Workstations, notebooks, and point-of-sale systems. D. Lifecycle auditing of incidents, from assignment to resolution. CORRECT ANSWER C. Workstations, notebooks, and point-of-sale system...

1 Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security? A. Setting the cluster search factor to N-1. B. Increasing the number of buckets per index. C. Decreasing the data model acceleration range. D. Setting the cluster replication factor to N-1. - Answer-A 2 Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requi...

Which of the following threat intelligence types can ES download? (Choose all that apply.) · A. Text · B. STIX/TAXII · C. VulnScanSPL · D. SplunkEnterpriseThreatGenerator CORRECT ANSWER Text and STIX/TAXII When investigating, what is the best way to store a newly-found IOC? A. Paste it into Notepad. B. Click the Add IOC button. C. Click the Add Artifact button. D. Add it in a text note to the investigation. CORRECT ANSWER Click the Add Artifact button. At what point in the ES...

5 Main components of Splunk ES Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. Three main roles in splunk? (3) Admin, Power, User Installs apps, creates knowledge objects for all users (what apps a user will see by default) Admin Creates and shares knowledge objects for users of app, real-time searches Power User Only sees own knowledge objects and those shared to them User Apps in Splunk? 1. Pre-built dashboards, reports, alerts and workflows 2. In-de...

5 Main components of Splunk ES - Answer-Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. What does index data do? (3) - Answer-1. Collects data 2. Label data with source type 3. Stored in splunk index Three main roles in splunk? (3) - Answer-Admin, Power, User An admin does what? - Answer-Install apps, create knowledge objects for all users (what apps a user will see by default) A power user does what? - Answer-Creates and shares knowledge objects for u...