Question 1

Which configurations are required for data normalization in Splunk? (Choose two)

Options :

A : props.conf

B : transforms.conf

C : savedsearches.conf

D : authorize.conf

E : eventtypes.conf

Answer: A,B

Question 2

What are benefits of aligning security processes with common methodologies like NIST or MITRE ATT&CK? (Choose two)

Options :

A : Enhancing organizational compliance

B : Accelerating data ingestion rates

C : Ensuring standardized threat responses

D : Improving incident response metrics

Answer: A,C

Question 3

What is the primary purpose of data indexing in Splunk?

Options :

A : To ensure data normalization

B : To store raw data and enable fast search capabilities

C : To secure data from unauthorized access

D : To visualize data using dashboards

Answer: B

Question 4

What does Splunk's term "bucket" refer to in data indexing?

Options :

A : A storage unit for archived data

B : A collection of events with a specific retention policy

C : A directory containing indexed data

D : A database table for search results

Answer: C

Question 5

What elements are critical for developing meaningful security metrics? (Choose three)

Options :

A : Relevance to business objectives

B : Regular data validation

C : Visual representation through dashboards

D : Avoiding integration with third-party tools

E : Consistent definitions for key terms

Answer: A,B,E