
Splunk Enterprise Security Certified Admin (SPLK-3001) Practice Exam



About Splunk Enterprise Security Certified Admin

A Splunk Enterprise Security Certified Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations. This exam demonstrates a candidate's ability to install, configure, and manage a Splunk Enterprise Security deployment.

The Splunk Enterprise Security (ES) Certified Admin exam is the final step towards completion of the Splunk ES Certified Admin certification. 


Recommended Prerequisite Courses

Candidates for this exam are recommended to complete the lectures, hands-on labs, and quizzes that are part of the following courses:

Either

Splunk Enterprise System Administration 

Splunk Enterprise Data Administration courses 

Or 

Splunk Cloud Administration course

And

Administering Splunk Enterprise Security course


Key Learning Areas

The following content areas are general guidelines for the content to be included on the exam:

  • Identifying normal ES use cases
  • Examining deployment requirements for typical ES installs
  • Knowing how to install ES and gather information for lookups
  • Knowing the steps for setting up inputs using technology add-ons
  • Creating custom correlation searches
  • Configuring ES risk analysis, threat, and protocol intelligence
  • Fine-tuning ES settings and other customizations


Course Structure

ES Introduction 5%

1.1 Overview of ES features and concepts

Monitoring and Investigation 10%

2.1 Security posture

2.2 Incident review

2.3 Notable events management

2.4 Investigations

Security Intelligence 5%

3.1 Overview of security intel tools

Forensics, Glass Tables, and Navigation Control 10%

4.1 Explore forensics dashboards

4.2 Examine glass tables

4.3 Configure navigation and dashboard permissions

ES Deployment 10%

5.1 Identify deployment topologies

5.2 Examine the deployment checklist

5.3 Understand indexing strategy for ES

5.4 Understand ES Data Models

Installation and Configuration 15%

6.1 Prepare a Splunk environment for installation

6.2 Download and install ES on a search head

6.3 Understand ES Splunk user accounts and roles

6.4 Post-install configuration tasks

Validating ES Data 10%

7.1 Plan ES inputs

7.2 Configure technology add-ons

Custom Add-ons 5%

8.1 Design a new add-on for custom data

8.2 Use the Add-on Builder to build a new add-on

Tuning Correlation Searches 10%

9.1 Configure correlation search scheduling and sensitivity

9.2 Tune ES correlation searches

Creating Correlation Searches 10%

10.1 Create a custom correlation search

10.2 Configuring adaptive responses

10.3 Search export/import

Lookups and Identity Management 5%

11.1 Identify ES-specific lookups

11.2 Understand and configure lookup lists

Threat Intelligence Framework 5%

12.1 Understand and configure threat intelligence

12.2 Configure user activity analysis

Exam Pattern 

Exam Name: Splunk Enterprise Security Certified Admin

Number of Questions: 61

Length of Time: 57 minutes

Exam Fee: $125 USD 

Exam Language: English


What do we offer?

5 full-length mock tests with unique questions in each test set

Practice objective questions with section-wise scores

An in-depth and exhaustive explanation for every question

Reliable exam reports evaluating strengths and weaknesses

Latest Questions with an updated version

Tips & Tricks to crack the test

Unlimited access


What are our Practice Exams?

Practice exams have been designed by professionals and domain experts to simulate a real-time exam scenario.

Practice exam questions have been created on the basis of content outlined in the official documentation.

Each set in the practice exam contains unique questions built to give candidates a real-time experience and help them gain more confidence during exam preparation.

Practice exams help to self-evaluate against the exam content and work towards building strength to clear the exam.

You can also create your own practice exam based on your choice and preference.


100% Assured Test Pass Guarantee

We have built the TestPrepTraining Practice exams with 100% Unconditional and assured Test Pass Guarantee! 

