Question 1

When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?

Options :

A : $fieldname$

B : ''fieldname''

C : %fieldname%

D : _fieldname_

Answer: A

Question 2

Which of the following ES features would a security analyst use while investigating a network anomaly notable?

Options :

A : Correlation editor.

B : Key indicator search.

C : Threat download dashboard.

D : Protocol intelligence dashboard.

Answer: D

Question 3

Where are attachments to investigations stored?

Options :

A : KV Store

B : notable index

C : attachments.csv lookup

D : <splunk_home>/etc/apps/SA-Investigations/default/ui/views/attachments

Answer: A

Question 4

What kind of value is in the red box in this picture?

Other-Image-8779efe69-e23f-4b31-81f0-88a5b1c6e4e7

Options :

A : A risk score.

B : A source ranking.

C : An event priority.

D : An IP address rating.

Answer: A

Question 5

Which of these Is a benefit of data normalization?

Options :

A : Reports run faster because normalized data models can be optimized for better performance.

B : Dashboards take longer to build.

C : Searches can be built no matter the specific source technology for a normalized data type.

D : Forwarder-based inputs are more efficient.

Answer: A