Question 1

Where are attachments to investigations stored?

Options :

A : KV Store

B : notable index

C : attachments.csv lookup

D : <splunk_home>/etc/apps/SA-Investigations/default/ui/views/attachments

Answer: A

Question 2

When investigating, what is the best way to store a newly-found IOC?

Options :

A : Paste it into Notepad.

B : Click the ''Add IOC'' button.

C : Click the ''Add Artifact'' button.

D : Add it in a text note to the investigation.

Answer: B

Question 3

What is an example of an ES asset?

Options :

A : MAC address

B : User name

C : Server

D : People

Answer: A

Question 4

Where is detailed information about identities stored?

Options :

A : The Identity Investigator index.

B : The Access Anomalies collection.

C : The User Activity index.

D : The Identity Lookup CSV file.

Answer: C

Question 5

Which settings indicated that the correlation search will be executed as new events are indexed?

Options :

A : Always-On

B : Real-Time

C : Scheduled

D : Continuous

Answer: C