Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Splunk Exam SPLK-3001 Topic 1 Question 73 Discussion

Actual exam question for Splunk's SPLK-3001 exam
Question #: 73
Topic #: 1
[All SPLK-3001 Questions]

Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events.

How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Chaya at Aug 05, 2023, 05:42 AM

Limited Time Offer

25%

Off

Get Premium SPLK-3001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Gussie
1 months ago
Option C looks promising. By removing the ess_user from the status transitions for the Closed status, they won't be able to change the status of Resolved notable events.
upvoted 0 times
Cordell
15 hours ago
Option C looks promising. By removing the ess_user from the status transitions for the Closed status, they won't be able to change the status of Resolved notable events.
upvoted 0 times
...
...
Elizabeth
2 months ago
Haha, if the admin wants to really mess with the ess_users, they should just change the Closed status to 'Classified' and watch them scratch their heads.
upvoted 0 times
Jennie
17 days ago
C) Haha, that would definitely confuse them! But for a more practical approach, the admin should go with option B.
upvoted 0 times
...
Jolene
25 days ago
B) From the Status Configuration window select the Closed status. Remove ess_user from the status transitions for the Resolved status.
upvoted 0 times
...
Billye
1 months ago
A) In Enterprise Security, give the ess_user role the Own Notable Events permission.
upvoted 0 times
...
...
Bernadine
2 months ago
I'm not sure if Option D is the right choice. Removing the edit_notable_events capability might have unintended consequences.
upvoted 0 times
...
Gerald
2 months ago
Option B seems the way to go. Removing the ess_user role from the status transitions for the Resolved status will do the trick.
upvoted 0 times
Clement
1 months ago
User 2: Agreed, removing ess_user from the status transitions for the Resolved status will prevent them from changing the status to Closed.
upvoted 0 times
...
Miss
2 months ago
User 1: I think option B is the best choice.
upvoted 0 times
...
...
Kristal
2 months ago
But wouldn't giving the ess_user role the Own Notable Events permission also help restrict them from closing events?
upvoted 0 times
...
Erick
2 months ago
I agree with Gerald. That way, ess_user won't be able to change the status of Resolved notable events to Closed.
upvoted 0 times
...
Gerald
2 months ago
I think the admin should remove ess_user from the status transitions for the Closed status.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77