
Exam SPLK-3001 topic 1 question 54 discussion

Actual exam question from Splunk's SPLK-3001
Question #: 54
Topic #: 1

The Brute Force Access Behavior Detected correlation search is enabled and is generating many false positives. Assuming the input data has already been validated, how can the correlation search be made less sensitive?

  • A. Edit the search and modify the notable event status field to make the notable events less urgent.
  • B. Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a less common match.
  • C. Edit the search, look for where or xswhere statements, and alter the threshold value being compared to make it a more common match.
  • D. Modify the urgency table for this correlation search and add a new severity level to make notable events from this search less urgent.
Suggested Answer: B
Reference:
https://docs.splunk.com/Documentation/ES/6.1.0/User/Howurgencyisassigned
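As an added illustration (not the page's own text and not the stanza shipped with Splunk ES), the shape of a brute-force correlation search built on the CIM Authentication data model, showing the where clause whose compared value answer B refers to; the stanza name, the threshold numbers and the use of rename instead of the ES macros are assumptions for this example:

```ini
# Illustrative savedsearches.conf stanza (assumed name and thresholds);
# not the rule text that ships with Splunk Enterprise Security.
# Counts failed and successful logins per source from the accelerated
# Authentication data model, then keeps sources that eventually succeeded.
[Access - Brute Force Access Behavior Detected - Rule]
search = | tstats summariesonly=true \
    count(eval('Authentication.action'="failure")) AS failure \
    count(eval('Authentication.action'="success")) AS success \
    FROM datamodel=Authentication BY Authentication.src \
  | rename Authentication.* AS * \
  | search success>0 \
  | where failure > 6

# Less sensitive (fewer notable events): raise the value compared in the
# where clause so that only sources with many more failures before a
# success match, for example:
#   | where failure > 25
# Lowering it (| where failure > 3) makes the match more common and
# produces more notable events. Deployments that use Extreme Search
# express the same threshold as an xswhere clause, where the named
# context level (e.g. "medium") is the value to change. Changing the
# notable event's status, urgency or severity (options A and D) alters
# how the event is triaged, not how often the search fires.
```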

Comments

tjoles
1 month, 1 week ago
Selected Answer: B
Answer is B. There is a typo (should be alter).
upvoted 1 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other