[&] How does Splunk handle data ingestion?
- By ingesting data from various sources  -- Correct
- Through downloading data from online sources
- By collecting data only from security tools
- By receiving data exclusively from cloud infrastructure

[&] What is the function of Splunk's Search Processing Language (SPL)?
- To program new functionalities in Splunk
- To manage user authentication processes
- To redesign Splunk's user interface
- To write custom queries for filtering and analyzing data -- Correct

[&] Which feature distinguishes Splunk Enterprise Security from Splunk Enterprise?
- Built-in basic analysis capabilities
- Security-focused features like correlation searches and risk-based alerting -- Correct
- Enhanced support for third-party apps
- Basic data indexing features