Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Splunk Exam SPLK-3001 Topic 1 Question 80 Discussion

Actual exam question for Splunk's SPLK-3001 exam
Question #: 80
Topic #: 1
[All SPLK-3001 Questions]

Following the Installation of ES, an admin configured Leers with the ss_uso r role the ability to close notable events. How would the admin restrict these users from being able to change the status of Resolved notable events to closed?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Sarah at Jan 24, 2024, 06:30 PM

Limited Time Offer

25%

Off

Get Premium SPLK-3001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Huey
24 days ago
I bet the ess_user role is feeling a little 'resolved' about their inability to change the status of those notable events.
upvoted 0 times
...
Jean
1 months ago
C) is a bold move, giving the ess_user role the own Notable Events permission. I hope they have a good reason for that!
upvoted 0 times
Val
10 days ago
C) In Enterprise Security, give the ess_user role the own Notable Events permission.
upvoted 0 times
...
Winfred
14 days ago
B) From the Status Configuration windows select the closed status. Remove ess_user from the status transitions for the Resolved status.
upvoted 0 times
...
Irma
19 days ago
A) From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.
upvoted 0 times
...
Valentine
28 days ago
A) From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.
upvoted 0 times
...
...
Marsha
2 months ago
D) is an interesting option, but it would remove the ess_user role's ability to edit any notable events, not just the Resolved ones.
upvoted 0 times
Justine
14 days ago
B) From the Status Configuration windows select the closed status. Remove ess_user from the status transitions for the Resolved status.
upvoted 0 times
...
Corazon
17 days ago
A) From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.
upvoted 0 times
...
Jettie
21 days ago
B) From the Status Configuration windows select the closed status. Remove ess_user from the status transitions for the Resolved status.
upvoted 0 times
...
Haydee
24 days ago
A) From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the closed status.
upvoted 0 times
...
...
Glenn
2 months ago
I'm not sure, but I think option D could also work. Removing the edit_notable_events capability from the ess_user role would limit their ability to close notable events.
upvoted 0 times
...
Lauran
2 months ago
B) is not the right answer, as it would remove the ess_user role from the status transitions for the Resolved status, not the Closed status.
upvoted 0 times
...
Salome
2 months ago
I agree with Ceola. That makes sense. It's important to restrict access to prevent unauthorized changes.
upvoted 0 times
...
Aileen
2 months ago
A) seems like the correct answer, as it restricts the ess_user role from being able to change the status of Resolved notable events to closed.
upvoted 0 times
Gilma
6 days ago
D) It's crucial to manage access controls to ensure the security of the system.
upvoted 0 times
...
Chauncey
8 days ago
A) That makes sense, it's important to restrict certain roles from making changes to closed events.
upvoted 0 times
...
Cherry
9 days ago
B) I agree, removing ess_user from the status transitions for the Resolved status would prevent them from closing notable events.
upvoted 0 times
...
Ulysses
1 months ago
A) seems like the correct answer, as it restricts the ess_user role from being able to change the status of Resolved notable events to closed.
upvoted 0 times
...
...
Ceola
2 months ago
I think the answer is A. By removing ess_user from the status transitions for the closed status, they won't be able to change the status of Resolved notable events to closed.
upvoted 0 times
...

Save Cancel