Udemy

Splunk Enterprise Security Certified Admin Tests-SPLK-3001

  • 221 Students
  • Updated 10/2024
4.2
(16 Ratings)

Course Information

Registration period: Year-round Recruitment
Duration: 0 Hour(s) 0 Minute(s)
Language: English
Taught by: Cyber Security

Course Overview

Prepare yourself for SPLK-3001 Exam and Splunk Enterprise Security Admin level interviews

This course will cut down on your practice time. Explanation and references are provided at the end of the practice test to help you improve your knowledge. These questions will come in handy during the Splunk Admin interview.


The Splunk Enterprise Certified Admin exam is the final step towards the completion of the Splunk certification. This exam is a 57-minute, 48-question assessment that evaluates a candidate's knowledge and skills in the installation, configuration, and management of Splunk Enterprise Security. It is recommended that candidates for this certification complete the lecture, hands-on labs, and quizzes that are part of the Administering Splunk Enterprise Security course in order to be prepared for the certification exam.

IMPORTANT: When you sit for your certification exam, you will have 3 minutes to review and accept the Splunk Certification Agreement. Exam sessions will be terminated if this is not accepted within the designated time-frame.

The Administering Splunk Enterprise Security course focuses on Administrators who manage a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.

Topics Include:

1.0 ES Introduction 5%

1.1 Overview of ES features and concepts


2.0 Monitoring and Investigation 10%

2.1 Security posture

2.2 Incident review

2.3 Notable events management

2.4 Investigations


3.0 Security Intelligence 5%

3.1 Overview of security intel tools


4.0 Forensics, Glass Tables, and Navigation Control 10%

4.1 Explore forensics dashboards

4.2 Examine glass tables

4.3 Configure navigation and dashboard permissions


5.0 ES Deployment 10%

5.1 Identify deployment topologies

5.2 Examine the deployment checklist

5.3 Understand indexing strategy for ES

5.4 Understand ES Data Models


6.0 Installation and Configuration 15%

6.1 Prepare a Splunk environment for installation

6.2 Download and install ES on a search head

6.3 Understand ES Splunk user accounts and roles

6.4 Post-install configuration tasks


7.0 Validating ES Data 10%

7.1 Plan ES inputs

7.2 Configure technology add-ons


8.0 Custom Add-ons 5%

8.1 Design a new add-on for custom data

8.2 Use the Add-on Builder to build a new add-on


9.0 Tuning Correlation Searches 10%

9.1 Configure correlation search scheduling and sensitivity

9.2 Tune ES correlation searches


10.0 Creating Correlation Searches 10%

10.1 Create a custom correlation search

10.2 Configuring adaptive responses

10.3 Search export/import


11.0 Lookups and Identity Management 5%

11.1 Identify ES-specific lookups

11.2 Understand and configure lookup lists


12.0 Threat Intelligence Framework 5%

12.1 Understand and configure threat intelligence

12.2 Configure user activity analysis


Please reach out to me if you need any support on Splunk Development. I am happy to help.

Course Content

  • 1 section(s)
  • Section 1 Practice Tests

What You’ll Learn

  • This course is meant to help you prepare for the Splunk Enterprise Security Certified Admin certification exam.
  • These questions will come in handy during a job interview for a Splunk Enterprise Security Admin.
  • This course includes a series of tests that cover every section of the test. Every test has correct answers at the end, along with explanations.
  • Supplementary information and reference


Reviews

  • Pedro Morales
    5.0

    I managed to pass the test with help from these tests. About 90% of the questions were in the test.

  • Joshua Brown
    3.0

    Content may have been ripped from ITExams.com. Questions on the last test bank repeat themselves.
