Splunk Enterprise Security Certified Admin Exam SPLK-3001 Question # 29 Topic 3 Discussion

SPLK-3001 Exam Topic 3 Question 29 Discussion:

Question #: 29

Topic #: 3

Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events.
How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?

In Enterprise Security, give the ess_user role the Own Notable Events permission.

From the Status Configuration window select the Closed status. Remove ess_user from the status

transitions for the Resolved status.

From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the Closed status.

From Splunk Access Controls, select the ess_user role and remove the edit_notable_events capability.

Get Premium SPLK-3001 Questions

Actual exam question for Splunk SPLK-3001 exam by Xander37507 at Nov 9, 2025, 11:03:35 PM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Big 11.11 Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

Splunk Enterprise Security Certified Admin Exam SPLK-3001 Question # 29 Topic 3 Discussion

Splunk Enterprise Security Certified Admin Exam SPLK-3001 Question # 29 Topic 3 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Big 11.11 Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

Splunk Enterprise Security Certified Admin Exam SPLK-3001 Question # 29 Topic 3 Discussion

Splunk Enterprise Security Certified Admin Exam SPLK-3001 Question # 29 Topic 3 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval