Splunk Enterprise Security Certified Admin

Splunk Enterprise Security Certified Admin online tutorials

A Splunk Enterprise Security Certified Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations. Certifications like this one make you a preferred candidate for a job and increase your value to an employer. They demonstrate your commitment to your goals and your dedication to your work and organization. The IT industry has grown rapidly over the last decade and is expected to keep growing.

IT-related career options continue to top the list of career and skill transitions. In this technological era, a certified professional is valued more highly than an employee who holds only a degree. Companies, whether in IT or not, demand highly skilled and certified professionals to improve the efficiency and quality of their work.

About Splunk Enterprise Security Certified Admin

This exam demonstrates a candidate's ability to install, configure, and manage a Splunk Enterprise Security deployment, covering ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customizations.

The Splunk Enterprise Security Certified Admin exam is the final step towards completion of the Splunk ES Certified Admin certification. 

Key Learning Areas

The following content areas are general guidelines for the content to be included on the exam:

  • Identifying normal ES use cases
  • Examining deployment requirements for typical ES installs
  • Knowing how to install ES and gather information for lookups
  • Knowing the steps to setting up inputs using technology add-ons
  • Creating custom correlation searches
  • Configuring ES risk analysis, threat, and protocol intelligence
  • Fine tuning ES settings and other customizations

Exam Pattern

  • Exam Name: Splunk Enterprise Security Certified Admin
  • Number of Questions: 61
  • Length of Time: 57 minutes
  • Exam Fee: $125 USD
  • Exam Language: English

Splunk Enterprise Security Certified Admin Prerequisite

Candidates for this exam are recommended to complete the lectures, hands-on labs, and quizzes that are part of one of the following course sets:

Either

  • Splunk Enterprise System Administration
  • Splunk Enterprise Data Administration courses

Or

  • Splunk Cloud Administration course and
  • Administering Splunk Enterprise Security course

Registration Policy

Follow the process below to register for the exam:

  • For all candidates attempting their first exam under the new program, please start by filling out this form to connect your Splunk account to your new Pearson VUE account. Candidates must use Latin characters for all form fields. Candidates with foreign scripts on their photo ID will be granted exam access based on standard transliteration guidelines. Please note: this form only needs to be submitted once for account creation.
  • Once your accounts are connected (which may take up to 3 business days), you will receive your exam authorizations via email.
  • These authorization emails will contain your “Splunk ID” (hint: not your Splunk.com username), which you’ll use to create an account with Pearson VUE. Your Splunk ID will look like PV-12345678.
  • You can register for the exam at a Pearson VUE testing facility near you, or in your home or office via online proctor. We strongly encourage all candidates considering the online proctored option to read this overview prior to scheduling their exam appointment.
  • For any questions regarding exam delivery, please contact Pearson VUE directly.

Retake Policy

Candidates who do not pass an exam on their first attempt must wait 7 days to retake the exam. Wait time begins the day after the exam. Please refer to the table below –

Image Source – Splunk

Candidates who do not pass an exam on their second attempt must wait 14 days to retake the exam. Wait time begins the day after the attempt.
Subsequent retakes are as follows:

  • Fourth attempt 4 weeks or 28 days
  • Fifth attempt 8 weeks or 56 days
  • Sixth attempt 8 weeks or 56 days

Retakes beyond the 6th attempt will be considered on a case-by-case basis. Splunk reserves the right to deny a retake beyond the 6th attempt.

Check: Splunk Enterprise Security Certified Admin Interview Questions


Splunk Enterprise Security Certified Admin FAQs

Make sure to visit the official site before you start preparing for the exam. Learning about the policies and the terms and conditions of the exam is necessary so that you do not miss anything that is important for the exam. To know more, visit the Splunk Enterprise Security Certified Admin Exam FAQs.

Course Outline

The Splunk Enterprise Security Certified Admin study guide covers the following exam objectives:

1.0 ES Introduction 5%
1.1 Overview of ES features and concepts (Splunk Documentation: Splunk Enterprise)

2.0 Monitoring and Investigation 10%
2.1 Security posture (Splunk Documentation: Security Posture dashboard)
2.2 Incident review (Splunk Documentation: Overview of Incident Review in Splunk Enterprise Security)
2.3 Notable events management (Splunk Documentation: notable event)
2.4 Investigations (Splunk Documentation: Investigations in Splunk Enterprise Security)

3.0 Security Intelligence 5%
3.1 Overview of security intel tools (Splunk Reference: Enterprise Security Threat Intelligence)

4.0 Forensics, Glass Tables, and Navigation Control 10%
4.1 Explore forensics dashboards (Splunk Reference: Using Splunk in Automating Forensic Investigations in AWS)
4.2 Examine glass tables (Splunk Documentation: Create a glass table in Splunk Enterprise Security)
4.3 Configure navigation and dashboard permissions (Splunk Documentation: Configure dashboard permissions)

5.0 ES Deployment 10%
5.1 Identify deployment topologies (Splunk Documentation: Deployment topologies)
5.2 Examine the deployment checklist (Splunk Documentation: Checklist of tasks to install Splunk UBA)
5.3 Understand indexing strategy for ES (Splunk Documentation: Indexes, indexers, and indexer clusters)
5.4 Understand ES Data Models (Splunk Documentation: data model)

6.0 Installation and Configuration 15%
6.1 Prepare a Splunk environment for installation (Splunk Documentation: Installation instructions)
6.2 Download and install ES on a search head (Splunk Documentation: Install Splunk Enterprise Security)
6.3 Understand ES Splunk user accounts and roles (Splunk Documentation: Configure users and roles)
6.4 Post-install configuration tasks (Splunk Documentation: Ways you can configure Splunk software)

7.0 Validating ES Data 10%
7.1 Plan ES inputs (Splunk Documentation: Data source planning for Splunk Enterprise Security)
7.2 Configure technology add-ons (Splunk Documentation: technology add-ons)

8.0 Custom Add-ons 5%
8.1 Design a new add-on for custom data (Splunk Documentation: Create an add-on)
8.2 Use the Add-on Builder to build a new add-on (Splunk Documentation: Use the Splunk Add-on Builder)

9.0 Tuning Correlation Searches 10%
9.1 Configure correlation search scheduling and sensitivity (Splunk Documentation: Configure correlation searches in Splunk Enterprise Security)
9.2 Tune ES correlation searches (Splunk Documentation: Tuning Enterprise Security correlation searches)

10.0 Creating Correlation Searches 10%
10.1 Create a custom correlation search (Splunk Documentation: Create a correlation search)
10.2 Configuring adaptive responses (Splunk Documentation: Adaptive Response action to a correlation search)
10.3 Search export/import (Splunk Documentation: Export data using Splunk Web)

11.0 Lookups and Identity Management 5%
11.1 Identify ES-specific lookups (Splunk Documentation: Manage internal lookups in Splunk Enterprise Security)
11.2 Understand and configure lookup lists (Splunk Documentation: Introduction to lookup configuration)

12.0 Threat Intelligence Framework 5%
12.1 Understand and configure threat intelligence (Splunk Documentation: Add threat intelligence to Splunk Enterprise Security)
12.2 Configure user activity analysis (Splunk Documentation: User Activity Monitoring)

Splunk Enterprise Security Certified Admin Study Guide

There are many resources you can use to build a Splunk Enterprise Security Certified Admin preparation plan for passing the exam. Cracking this exam can be difficult on the first attempt, but with the right set of resources and hard work you can pass it in one go, so choose your resources carefully. Let us have a look at some of them:

Splunk Free Online Courses

These online classes and instructor-led courses are among the most interactive ways of preparing for the exam. Many reliable sites provide good instructors and excellent content for preparation. Since most of us are used to classroom teaching, these classes serve as a close substitute, with the advantage that you can attend from anywhere. You can access these courses from Splunk through these links:

Splunk Learning paths

A Learning Path is a selection of courses tied together so that learners can progress through them and master a particular subject or program. It also allows you to enroll multiple users in multiple courses at once, saving you valuable time. You can access the Splunk Enterprise Security Certified Admin exam learning paths from the links below:

Splunk Certification Tracks

Certification tracks from Splunk are also very useful for preparation. They provide a set of tracks that are easily accessible and readily available to learn. You can access them from the links below:

To know more about the Splunk Enterprise Security Certified Admin training resources you can visit the official site.

Practice papers and test series

Your practice is an important determinant of how well you do on the exam. Take as many practice tests and test series as you can. Splunk Enterprise Security Certified Admin practice tests will help you gauge the level of your preparation, find your gaps, and identify the weak areas you need to work on further. Many reliable educational sites provide good content and help you achieve excellence. Try a free practice test now!

Splunk Enterprise Security Certified Admin free practice test
Boost your skills and knowledge by taking the Splunk Enterprise Security Certified Admin Exam. Start preparing from now!