Which column in the Asset or Identity list is combined with event security to make a notable event's urgency?
A. VIP
B. Priority
C. Importance
D. Criticality
Enterprise Security's dashboards primarily pull data from what type of knowledge object?
A. Tstats
B. KV Store
C. Data models
D. Dynamic lookups
When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?
A. $fieldname$
B. "fieldname"
C. %fieldname%
D. _fieldname_
How should an administrator add a new lookup through the ES app?
A. Upload the lookup file in Settings -> Lookups -> Lookup Definitions
B. Upload the lookup file in Settings -> Lookups -> Lookup table files
C. Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups
D. Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup
What should be used to map a non-standard field name to a CIM field name?
A. Field alias.
B. Search time extraction.
C. Tag.
D. Eventtype.
Which feature contains scenarios that are useful during ES Implementation?
A. Use Case Library
B. Correlation Searches
C. Predictive Analytics
D. Adaptive Responses
Following the installation of ES, an admin gave users with the ess_user role the ability to close notable events. How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?
A. From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.
B. From the Status Configuration window select the Closed status. Remove ess_user from the status transitions for the Resolved status.
C. In Enterprise Security, give the ess_user role the own Notable Events permission.
D. From Splunk Access Controls, select the ess_user role and remove the edit_notable_events capability.
The option to create a Short ID for a notable event is located where?
A. The Additional Fields.
B. The Event Details.
C. The Contributing Events.
D. The Description.
Which of the following is part of tuning correlation searches for a new ES installation?
A. Configuring correlation notable event index.
B. Configuring correlation permissions.
C. Configuring correlation adaptive responses.
D. Configuring correlation result storage.
Which of the following is a key feature of a glass table?
A. Rigidity.
B. Customization.
C. Interactive investigations.
D. Strong data for later retrieval.