Adaptive response action history is stored in which index?

1. A. cim_modactions
2. B. modular_history
3. C. cim_adaptiveactions
4. D. modular_action_history

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/Indexes

At what point in the ES installation process should Splunk_TA_ForIndexes.spl be deployed to the indexers?

1. A. When adding apps to the deployment server.
2. B. Splunk_TA_ForIndexers.spl is installed first.
3. C. After installing ES on the search head(s) and running the distributed configuration management tool.
4. D. Splunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the splunk apply cluster-bundle command.

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallTechnologyAdd-ons

Which of the following threat intelligence types can ES download? (Choose all that apply)

1. A. Text
2. B. STIX/TAXII
3. C. VulnScanSPL
4. D. SplunkEnterpriseThreatGenerator

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Downloadthreatfeed

Which indexes are searched by default for CIM data models?

1. A. notable and default
2. B. summary and notable
3. C. _internal and summary
4. D. All indexes

Correct Answer: D
Reference: https://answers.splunk.com/answers/600354/indexes-searched-by-cim-data-models.html

How is it possible to navigate to the list of currently-enabled ES correlation searches?

1. A. Configure -> Correlation Searches -> Select Status “Enabled”
2. B. Settings -> Searches, Reports, and Alerts -> Filter by Name of “Correlation”
3. C. Configure -> Content Management -> Select Type “Correlation” and Status “Enabled”
4. D. Settings -> Searches, Reports, and Alerts -> Select App of “SplunkEnterpriseSecuritySuite” and filter by “-Rule”

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Listcorrelationsearches