Description

1. What is Splunk?

2. What is machine data?

3. Define Splunk’s key architecture components listed below:

    1. Forwarder
    2. Indexer
    3. Search Head
    4. License Server
    5. Deployment Server
    6. Syslog Server

4. Define 3 types of analytics:


5. Explain Splunk SPL Search:

6. Explain Splunk’s core features:

    1. Reports
    2. Dashboards
    3. Apps
    4. Alerts

7. List / define the 5 V’s of big data and describe why it’s so important to understand them when implementing a Splunk Enterprise solution:

8. List and briefly describe 3 ways to get machine logs into Splunk:

9. True or False – Splunk can only be installed on Linux-based systems.

10. True or False – Splunk uses a pre-defined schema and database tables on the back-end Indexer.

11. True or False – Splunk Alerts can be created to monitor machine data in real time, alerting on an event as soon as it is logged by the host.

12. True or False – Raw data is easier for the human brain to comprehend than data visualizations.

13. True or False – Pattern recognition is a powerful feature built into Splunk.

14. Define logging best practices and give at least one example:

15. Explain the difference between operational intelligence and business intelligence:

16. How can Splunk be of assistance during a forensic investigation?

17. Define host, data source, and data source type:

18. What are data silos?

19. Give two examples of how Splunk can be used to detect cyber threats:

20. What is a needle in the haystack?

21. Extra Credit #1 – Explain machine log noise and low-hanging fruit:

22. Extra Credit #2 – When developing a Splunk use case, list at least 4 questions you should ask the solutions team:


In your own words, please answer the questions. Note: I do not want cut-and-pasted answers from the internet, and citations are not necessary.