Use this quick start guide to collect all the information about Splunk Enterprise Security Admin (SPLK-3001) Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the SPLK-3001 Splunk Enterprise Security Certified Admin exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual Splunk Enterprise Security Administrator certification exam.
The Splunk Enterprise Security Admin certification is mainly targeted to those candidates who want to build their career in Enterprise domain. The Splunk Enterprise Security Certified Administrator exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Splunk Enterprise Security Administrator.
Splunk Enterprise Security Admin Exam Summary:
| Exam Name | Splunk Enterprise Security Certified Administrator |
| Exam Code | SPLK-3001 |
| Exam Price | $130 (USD) |
| Duration | 60 mins |
| Number of Questions | 48 |
| Passing Score | 700 / 1000 |
| Schedule Exam | Pearson VUE |
| Sample Questions | Splunk Enterprise Security Admin Sample Questions |
| Practice Exam | Splunk SPLK-3001 Certification Practice Exam |
Splunk SPLK-3001 Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
| ES Introduction | - Overview of ES features and concepts | 5% |
| Monitoring and Investigation |
- Security posture - Incident review - Notable events management - Investigations |
10% |
| Security Intelligence | - Overview of security intel tools | 5% |
| Forensics, Glass Tables, and Navigation Control |
- Explore forensics dashboards - Examine glass tables - Configure navigation and dashboard permissions |
10% |
| ES Deployment |
- Identify deployment topologies - Examine the deployment checklist - Understand indexing strategy for ES - Understand ES Data Models |
10% |
| Installation and Configuration |
- Prepare a Splunk environment for installation - Download and install ES on a search head - Understand ES Splunk user accounts and roles - Post-install configuration tasks |
15% |
| Validating ES Data |
- Plan ES inputs - Configure technology add-ons |
10% |
| Custom Add-ons |
- Design a new add-on for custom data - Use the Add-on Builder to build a new add-on |
5% |
| Tuning Correlation Searches |
- Configure correlation search scheduling and sensitivity
- Tune ES correlation searches
|
10% |
| Creating Correlation Searches |
- Create a custom correlation search - Configuring adaptive responses - Search export/import |
10% |
| Lookups and Identity Management |
- Identify ES-specific lookups
- Understand and configure lookup lists
|
5% |
| Threat Intelligence Framework |
- Understand and configure threat intelligence
- Configure user activity analysis
|
5% |
To ensure success in Splunk Enterprise Security Administrator certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for Splunk Enterprise Security Certified Admin (SPLK-3001) exam.