The Add-On Builder creates Splunk Apps that start with what?

A. DA

B. SA

C. TA

D. App-

What does the summariesonly=true option do for a correlation search?

A. Searches only accelerated data.

B. Forwards summary indexes to the indexing tier.

C. Uses a default summary time range.

D. Searches summary indexes only.

Where is the Add-On Builder available from?

A. GitHub

B. SplunkBase

C. www.splunk.com

D. The ES installation package

When installing Enterprise Security, what should be done after installing the add-ons necessary for normalizing data?

A. Configure the add-ons according to their README or documentation.

B. Disable the add-ons until they are ready to be used, then enable the add-ons.

C. Nothing, there are no additional steps for add-ons.

D. Configure the add-ons via the Content Management dashboard.

How does ES know local customer domain names so it can detect internal vs. external emails?

A. Web and email domain names are set in General -> General Configuration.

B. ES uses the User Activity index and applies machine learning to determine internal and external domains.

C. The Corporate Web and Email Domain Lookups are edited during initial configuration.

D. ES extracts local email and web domains automatically from SMTP and HTTP logs.

Where are attachments to investigations stored?

A. KV Store

B. notable index

C. attachments.csv lookup D. /etc/apps/SA-Investigations/default/ui/views/attachments

Which feature contains scenarios that are useful during ES Implementation?

A. Use Case Library

B. Correlation Searches

C. Predictive Analytics

D. Adaptive Responses

A newly built custom dashboard needs to be available to a team of security analysts In ES. How is It possible to Integrate the new dashboard?

A. Add links on the ES home page to the new dashboard.

B. Create a new role Inherited from es_analyst, make the dashboard permissions read-only, and make this dashboard the default view for the new role.

C. Set the dashboard permissions to allow access by es_analysts and use the navigation editor to add it to the menu.

D. Add the dashboard to a custom add-in app and install it to ES using the Content Manager.

What can be exported from ES using the Content Management page?

A. Only correlation searches, managed lookups, and glass tables.

B. Only correlation searches.

C. Any content type listed in the Content Management page.

D. Only correlation searches, glass tables, and workbench panels.

At what point in the ES installation process should Splunk_TA_ForIndexes.spl be deployed to the indexers?

A. When adding apps to the deployment server.

B. Splunk_TA_ForIndexers.spl is installed first.

C. After installing ES on the search head(s) and running the distributed configuration management tool.

D. Splunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the splunk apply cluster-bundle command.