
Splunk SPLK-1001 Dumps

Page: 1 / 24
Total 244 questions

Splunk Core Certified User Questions and Answers

Question 1

Which of the following time unit abbreviations can be included in the Advanced time range picker? (Choose seven.)

Options:

A.

h

B.

day

C.

mon

D.

yr

E.

y

F.

w

G.

week

Question 2

By default, which role contains the minimum permissions required to have write access to Splunk alerts?

Options:

A.

User

B.

Alerting

C.

Power

D.

Admin

Question 3

Documentation for Splunk can be found at docs.splunk.com.

Options:

A.

True

B.

False

Question 4

Which of the following is a correct way to limit search results to display the 5 most common values of a field?

Options:

A.

| rare top=5

B.

| top rare=5

C.

| top limit=5

D.

| rare limit=5

Question 5

Search results can be viewed in which of the following formats? (Choose three.)

Options:

A.

Table

B.

Raw

C.

Pie Chart

D.

List

Question 6

Parsing of data can happen on both a heavy forwarder (HF) and a universal forwarder (UF).

Options:

A.

Yes

B.

No

Question 7

Which search would return events from the access_combined sourcetype?

Options:

A.

Sourcetype=access_combined

B.

Sourcetype=Access_Combined

C.

sourcetype=Access_Combined

D.

SOURCETYPE=access_combined

Question 8

Which of the following is the best description of Splunk Apps?

Options:

A.

Built only by Splunk employees.

B.

A collection of files.

C.

Only available for download on Splunkbase.

D.

Available on iOS and Android.

Question 9

Which stats command function provides a count of how many unique values exist for a given field in the result set?

Options:

A.

dc(field)

B.

count(field)

C.

count-by(field)

D.

distinct-count(field)

Question 10

A heavy forwarder should be used to send event-based data to indexers.

Options:

A.

False

B.

True

Question 11

Which statement is true about Splunk alerts?

Options:

A.

Alerts are based on searches that are either run on a scheduled interval or in real-time.

B.

Alerts are based on searches and when triggered will only send an email notification.

C.

Alerts are based on searches and require cron to run on scheduled interval.

D.

Alerts are based on searches that are run exclusively as real-time.

Question 12

What is a suggested Splunk best practice for naming reports?

Options:

A.

Reports are best named using many numbers so they can be more easily sorted.

B.

Use a consistent naming convention so they are easily separated by characteristics such as group and object.

C.

Name reports as uniquely as possible with no overlap to differentiate them from one another.

D.

Any naming convention is fine as long as you keep an external spreadsheet to keep track.

Question 13

Which command is used to apply lookup fields in a search so that they appear in the fields sidebar?

Options:

A.

inputlookup

B.

lookup

Question 14

How are events displayed after a search is executed?

Options:

A.

In chronological order.

B.

Randomly by default.

C.

In reverse chronological order.

D.

Alphabetically according to field name.

Question 15

What kinds of logs can Splunk index?

Options:

A.

Only A, B

B.

Router and Switch Logs

C.

Firewall and Web Server Logs

D.

Only C

E.

Database logs

F.

All firewall, web server, database, router and switch logs

Question 16

After running a search, what effect does clicking and dragging across the timeline have?

Options:

A.

Executes a new search.

B.

Filters current search results.

C.

Moves to past or future events.

D.

Expands the time range of the search.

Question 17

How can search results be kept longer than 7 days?

Options:

A.

By scheduling a report.

B.

By creating a link to the job.

C.

By changing the job settings.

D.

By changing the time range picker to more than 7 days.

Question 18

What syntax is used to link key/value pairs in search strings?

Options:

A.

Parentheses

B.

@ or # symbols

C.

Quotation marks

D.

Relational operators such as =, <, or >

Question 19

Lookups allow you to overwrite your raw event.

Options:

A.

True

B.

False

Question 20

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

Options:

A.

An app

B.

JSON

C.

A role

D.

An enhanced solution

Question 21

Which time range picker configuration would return real-time events for the past 30 seconds?

Options:

A.

Preset - Relative: 30-seconds ago

B.

Relative - Earliest: 30-seconds ago, Latest: Now

C.

Real-time - Earliest: 30-seconds ago, Latest: Now

D.

Advanced - Earliest: 30-seconds ago, Latest: Now

Question 22

Which Boolean operator is always implied between two search terms, unless otherwise specified?

Options:

A.

OR

B.

NOT

C.

AND

D.

XOR

Question 23

Which statement describes field discovery at search time?

Options:

A.

Splunk automatically discovers only numeric fields

B.

Splunk automatically discovers only alphanumeric fields

C.

Splunk automatically discovers only manually configured fields

D.

Splunk automatically discovers only fields directly related to the search results

Question 24

How can another user gain access to a saved report?

Options:

A.

The owner of the report can edit permissions from the Edit dropdown

B.

Only users with an Admin or Power User role can access other users' reports

C.

Anyone can access any reports marked as public within a shared Splunk deployment

D.

The owner of the report must clone the original report and save it to their user account

Question 25

Prefix wildcards might cause performance issues.

Options:

A.

False

B.

True

Question 26

Which of the following are Splunk search modes? (Choose three.)

Options:

A.

Automatic

B.

Smart

C.

Fast

D.

Verbose

Question 27

Which of the following is true about user account settings and preferences?

Options:

A.

Search & Reporting is the only app that can be set as the default application.

B.

Full names can only be changed by accounts with a Power User or Admin role.

C.

Time zones are automatically updated based on the setting of the computer accessing Splunk.

D.

Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

Question 28

Which events will be returned by the following search string?

host=www3 status=503

Options:

A.

All events that either have a host of www3 or a status of 503.

B.

All events with a host of www3 that also have a status of 503

C.

We need more information: we cannot tell without knowing the time range

D.

We need more information a search cannot be run without specifying an index

Question 29

Every search in Splunk is also called a _____________.

Options:

A.

None of the above

B.

Job

C.

Search Only

Question 30

By default search results are not returned in ________ order.

Options:

A.

Chronological

B.

Reverse chronological

C.

ASCII

D.

Alphabetical

Question 31

Can a running search be stopped or paused?

Options:

A.

No

B.

Yes

Question 32

Which command is used to review the contents of a specified static lookup file?

Options:

A.

lookup

B.

csvlookup

C.

inputlookup

D.

outputlookup

Question 33

Which component of Splunk is primarily responsible for saving data?

Options:

A.

Search Head

B.

Heavy Forwarder

C.

Indexer

D.

Universal Forwarder

Question 34

Which of the following fields is stored with the events in the index?

Options:

A.

user

B.

source

C.

location

D.

sourceIp

Question 35

Which of the following describes lookup files?

Options:

A.

Lookup fields cannot be used in searches

B.

Lookups contain static data available in the index

C.

Lookups add more fields to results returned by a search

D.

Lookups pull data at index time and add them to search results

Question 36

Which of the following is the most efficient search?

Options:

A.

index=* “failed password”

B.

“failed password” index=*

C.

(index=* OR index=security) “failed password”

D.

index=security “failed password”

Question 37

The Monitor option in Add Data provides _______________.

Options:

A.

Only continuous monitoring.

B.

Only One-time monitoring.

C.

None of the above.

D.

Both One-time and continuous monitoring

Question 38

What determines the scope of data that appears in a scheduled report?

Options:

A.

All data accessible to the User role will appear in the report.

B.

All data accessible to the owner of the report will appear in the report.

C.

All data accessible to all users will appear in the report until the next time the report is run.

D.

The owner of the report can configure permissions so that the report uses either the User role or the owner’s profile at run time.

Question 39

Data can be onboarded into Splunk using which of the following means? (Choose four.)

Options:

A.

Props

B.

CLI

C.

Splunk Web

D.

savedsearches.conf

E.

Splunk apps and add-ons

F.

indexes.conf

G.

inputs.conf

Question 40

Which search will return only events containing the word “error” and display the results as a table that includes the fields named action, src, and dest?

Options:

A.

error | table action, src, dest

B.

error | tabular action, src, dest

C.

error | stats table action, src, dest

D.

error | table column=action column=src column=dest

Question 41

What is the correct syntax to count the number of events containing a vendor_action field?

Options:

A.

count stats vendor_action

B.

count stats (vendor_action)

C.

stats count (vendor_action)

D.

stats vendor_action (count)

Question 42

How many minutes, by default, is the time to live (ttl) for an ad-hoc search job?

Options:

A.

5 minutes

B.

1 minute

C.

10 minutes

D.

60 minutes

Question 43

What can be configured using the Edit Job Settings menu?

Options:

A.

Export the results to CSV format

B.

Add the Job results to a dashboard

C.

Schedule the Job to re-run in 10 minutes

D.

Change Job Lifetime from 10 minutes to 7 days.

Question 44

What must be done in order to use a lookup table in Splunk?

Options:

A.

The lookup must be configured to run automatically.

B.

The contents of the lookup file must be copied and pasted into the search bar.

C.

The lookup file must be uploaded to Splunk and a lookup definition must be created.

D.

The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

Question 45

How do you add or remove fields from search results?

Options:

A.

Use field + to add and field - to remove.

B.

Use table + to add and table - to remove.

C.

Use fields + to add and fields - to remove.

D.

Use fields Plus to add and fields Minus to remove.

Question 46

Which of the following file types is an option for exporting Splunk search results?

Options:

A.

PDF

B.

JSON

C.

XLS

D.

RTF

Question 47

What is a primary function of a scheduled report?

Options:

A.

Auto-detect changes in performance

B.

Auto-generated PDF reports of overall data trends

C.

Regularly scheduled archiving to keep disk space use low

D.

Triggering an alert in your Splunk instance when certain conditions are met

Question 48

Which of the following is a Splunk internal field?

Options:

A.

_raw

B.

host

C.

_host

D.

index

Question 49

Which command automatically returns percent and count columns when executing searches?

Options:

A.

top

B.

stats

C.

table

D.

percent

Question 50

What is the primary use for the rare command?

Options:

A.

To sort field values in descending order

B.

To return only fields containing five or fewer values

C.

To find the least common values of a field in a dataset

D.

To find the fields with the fewest number of values across a dataset

Question 51

Field names are case sensitive and field values are not.

Options:

A.

True

B.

False

Question 52

The default host name used in the Inputs general settings cannot be changed.

Options:

A.

False

B.

True

Question 53

Which statement is true about the top command?

Options:

A.

It returns the top 10 results

B.

It displays the output in table format

C.

It returns the count and percent columns per row

D.

All of the above

Question 54

Which of the following reports is available in the Fields window?

Options:

A.

Top values by time

B.

Rare values by time

C.

Events with top value fields

D.

Events with rare value fields

Question 55

What is the correct order of steps for creating a new lookup?

1. Configure the lookup to run automatically

2. Create the lookup table

3. Define the lookup

Options:

A.

2, 1, 3

B.

1, 2, 3

C.

2, 3, 1

D.

3, 2, 1
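The three lookup steps in the question above, and the inputlookup/lookup distinction and "lookups do not overwrite the raw event" questions earlier on this page, modelled in Python as an added illustration written for this page (it is not Splunk code). The lookup file name threat_ips.csv, its columns and the firewall-style events are all constructed. The CSV column is deliberately called feed rather than source so it cannot collide with Splunk's own source metadata field.

```python
"""Model of creating a lookup table, defining the lookup, and applying it,
first by name in a search and then automatically. Added illustration for
this page; not Splunk code. File name, columns and events are constructed.
"""
import csv
import io
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence

Event = Dict[str, str]

# Step 1: create the lookup table. This text stands in for an uploaded CSV
# (hypothetical name threat_ips.csv). The column is called "feed", not
# "source", so it cannot shadow Splunk's own source metadata field.
THREAT_IPS_CSV = """ip,category,feed
10.0.0.5,scanner,internal-honeypot
198.51.100.7,c2,vendor-feed
"""


@dataclass
class LookupDefinition:
    """Step 2: the definition ties a lookup name to its file and columns."""
    name: str
    csv_text: str
    match_field: str              # column compared with the event's field
    output_fields: Sequence[str]  # columns copied onto matching events

    def rows(self) -> List[Dict[str, str]]:
        return list(csv.DictReader(io.StringIO(self.csv_text)))


THREAT_IPS = LookupDefinition("threat_ips", THREAT_IPS_CSV, "ip", ["category", "feed"])

# Constructed firewall-style events; only the first and third have an ip in the table.
EVENTS: List[Event] = [
    {"_raw": "src=10.0.0.5 action=blocked", "src": "10.0.0.5", "action": "blocked"},
    {"_raw": "src=192.0.2.9 action=allowed", "src": "192.0.2.9", "action": "allowed"},
    {"_raw": "src=198.51.100.7 action=allowed", "src": "198.51.100.7", "action": "allowed"},
]


def inputlookup(defn: LookupDefinition) -> List[Dict[str, str]]:
    """`| inputlookup threat_ips`: the file contents become the results."""
    return defn.rows()


def lookup(events: List[Event], defn: LookupDefinition, event_field: str) -> List[Event]:
    """`| lookup threat_ips ip AS src OUTPUT category feed`.

    Returns enriched copies: output columns are added to events whose
    event_field value appears in the table; non-matching events and the
    _raw text of every event are left exactly as they were.
    """
    index = {row[defn.match_field]: row for row in defn.rows()}
    enriched: List[Event] = []
    for ev in events:
        out = dict(ev)
        row = index.get(ev.get(event_field, ""))
        if row is not None:
            for col in defn.output_fields:
                out[col] = row[col]
        enriched.append(out)
    return enriched


def automatic_lookup(defn: LookupDefinition, event_field: str) -> Callable[[List[Event]], List[Event]]:
    """Step 3: an automatic lookup is the same enrichment applied to every
    search result without naming the lookup in the search string."""
    return lambda events: lookup(events, defn, event_field)


def search_with_automatic_lookups(events: List[Event],
                                  automatic: Sequence[Callable[[List[Event]], List[Event]]]) -> List[Event]:
    """Apply each configured automatic lookup to the result set in order."""
    for apply in automatic:
        events = apply(events)
    return events
```

The enrichment returns copies, which is the behaviour the "lookups allow you to overwrite your raw event" question is probing: new fields appear on the results, _raw stays as indexed.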

Question 56

It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.

Options:

A.

True

B.

False

Question 57

The following search will return 20 results:

error | top host limit = 20

Options:

A.

True

B.

False

Question 58

!= and NOT are equivalent.

Options:

A.

True

B.

False

Question 59

Keywords are highlighted when you mouse over search results; clicking a highlighted keyword lets you (Choose three.):

Options:

A.

Open new search.

B.

Exclude the item from search.

C.

None of the above.

D.

Add the item to search

Question 60

Splunk Components:

Which of the following are responsible for parsing incoming data and storing data on disk?

Options:

A.

forwarders

B.

indexers

C.

search heads

Question 61

Data sources being opened and read applies to which of the following?

Options:

A.

None of the above

B.

Indexing Phase

C.

Parsing Phase

D.

Input Phase

E.

License Metering

Question 62

Field names are case sensitive.

Options:

A.

True

B.

False

Question 63

When writing searches in Splunk, which of the following is true about Booleans?

Options:

A.

They must be lowercase.

B.

They must be uppercase.

C.

They must be in quotations.

D.

They must be in parentheses.
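The search-term rules asked about in the questions above (implied AND, uppercase Boolean operators, case-sensitive field names with case-insensitive values, and the difference between != and NOT), modelled as a toy evaluator. This is an added illustration written for this page, not Splunk's parser: events are plain dicts, keyword matching is a case-insensitive substring test standing in for Splunk's term matching, and OR and parentheses are left out. The host names, status codes and event text are constructed.

```python
"""Toy evaluator for a few Splunk search-term rules. Added illustration for
this page, not Splunk code. It models four documented rules:
  * adjacent terms are implicitly ANDed (explicit AND behaves the same);
  * Boolean operators count only in uppercase, so a lowercase `not` or `and`
    is just another keyword to look for in the event text;
  * field names are case sensitive, field values are matched case-insensitively;
  * `field!=value` matches only events that HAVE the field with another value,
    whereas `NOT field=value` also matches events that lack the field entirely.
"""
from typing import Dict, List

Event = Dict[str, str]  # field name -> value; "_raw" holds the event text

# Constructed sample events (not real data). The heartbeat event has no
# "status" field at all; it is what separates != from NOT below.
EVENTS: List[Event] = [
    {"_raw": "www3 GET /login 503", "host": "www3", "status": "503"},
    {"_raw": "www3 GET /index 200", "host": "www3", "status": "200"},
    {"_raw": "www3 heartbeat ok", "host": "www3"},
    {"_raw": "WWW1 GET /login 503", "host": "WWW1", "status": "503"},
    {"_raw": "www2 error disk full", "host": "www2", "status": "500"},
]


def match_term(term: str, event: Event) -> bool:
    """Evaluate a single term (keyword, field=value or field!=value)."""
    if "!=" in term:
        field, value = term.split("!=", 1)
        # != needs the field to be present with a different value.
        return field in event and event[field].lower() != value.lower()
    if "=" in term:
        field, value = term.split("=", 1)
        # Exact (case-sensitive) key, case-insensitive value.
        return field in event and event[field].lower() == value.lower()
    # Bare keyword: look for it in the raw event text.
    return term.lower() in event["_raw"].lower()


def matches(search_string: str, event: Event) -> bool:
    """Evaluate a whitespace-separated search with implied AND and NOT."""
    tokens = search_string.split()
    i = 0
    while i < len(tokens):
        token = tokens[i]
        if token == "AND":  # explicit AND adds nothing beyond the implied one
            i += 1
            continue
        negate = token == "NOT"  # only the uppercase form is an operator
        if negate:
            i += 1
            if i == len(tokens):
                raise ValueError("NOT must be followed by a term")
            token = tokens[i]
        # A positive term that fails, or a negated term that matches, sinks
        # the whole event because every term is ANDed together.
        if match_term(token, event) == negate:
            return False
        i += 1
    return True


def search(search_string: str, events: List[Event] = EVENTS) -> List[str]:
    """Return the _raw text of every event the search string matches."""
    return [ev["_raw"] for ev in events if matches(search_string, ev)]


if __name__ == "__main__":
    for query in ("host=www3 status=503", "host=www3 status!=503",
                  "host=www3 NOT status=503", "error and disk", "error AND disk"):
        print(f"{query!r:32} -> {search(query)}")
```

The != versus NOT difference is the one that bites in detection content: a filter such as `src!=10.0.0.1` silently drops every event that has no src field at all, while `NOT src=10.0.0.1` keeps them.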

Question 64

Which is a primary function of the timeline located under the search bar?

Options:

A.

To differentiate between structured and unstructured events in the data

B.

To sort the events returned by the search command in chronological order

C.

To zoom in and zoom out, although this does not change the scale of the chart

D.

To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime

Question 65

Which search will return the 15 least common field values for the dest_ip field?

Options:

A.

sourcetype=firewall | rare num=15 dest_ip

B.

sourcetype=firewall | rare last=15 dest_ip

C.

sourcetype=firewall | rare count=15 dest_ip

D.

sourcetype=firewall | rare limit=15 dest_ip

Question 66

______________ is the default web port used by Splunk.

Options:

A.

8089

B.

8000

C.

8080

D.

443

Question 67

Which is the default app for Splunk Enterprise?

Options:

A.

Splunk Enterprise Security Suite

B.

Searching and Reporting

C.

Reporting and Searching

D.

Splunk apps for Security

Question 68

Which of the following statements describes a search job?

Options:

A.

Once a search job begins, it cannot be stopped

B.

A search job can only be paused when less than 50% of events are returned

C.

A search job can only be stopped when less than 50% of events are returned

D.

Once a search job begins, it can be stopped or paused at any point in time

Question 69

Which of the following are Splunk premium enhanced solutions? (Choose three.)

Options:

A.

Splunk User Behavior Analytics (UBA)

B.

Splunk IT Service Intelligence (ITSI)

C.

Splunk Enterprise Security (ES)

D.

Splunk Analytics Security (AS)

Question 70

What are Splunk alerts based on?

Options:

A.

Dashboards

B.

Searches

C.

Webhooks

D.

Reports

Question 71

What is the primary use for the rare command?

Options:

A.

To sort field values in descending order.

B.

To return only fields containing five or fewer values.

C.

To find the least common values of a field in a dataset.

D.

To find the fields with the fewest number of values across a dataset.

Question 72

Select the answer that displays the accurate placing of the pipe in the following search string:

index=security sourcetype=access_* status=200 stats count by price

Options:

A.

index=security sourcetype=access_* status=200 stats | count by price

B.

index=security sourcetype=access_* status=200 | stats count by price

C.

index=security sourcetype=access_* status=200 | stats count | by price

D.

index=security sourcetype=access_* | status=200 | stats count by price

Question 73

When using the top command in the following search, which of the following will be true about the results?

index="main" sourcetype="access_*" action="purchase" | top 3 statusCode by user showperc=f countfield=status_code_count

Options:

A.

The search will fail. The proper top command format is top limit=3 instead of top 3.

B.

The top three most common values in statusCode will be displayed for each user.

C.

Only the top three overall most common values in statusCode will be displayed.

D.

The percentage field will be displayed in the results.
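The stats, top, rare and table behaviours exercised by the questions on this page (count versus count(field), dc, top with limit, by, showperc and countfield, rare with limit, and why `limit=20` does not guarantee 20 rows), modelled in Python as an added illustration written for this page (not Splunk code). Each function names the SPL it imitates in its docstring; the purchase events, user names and status codes are constructed.

```python
"""Model of stats count / count(field) / dc, table, top and rare over a few
constructed purchase events. Added illustration for this page, not Splunk
code. Events without the ranked field are ignored, as Splunk does, so a
limit larger than the number of distinct values yields fewer rows; top's
percent is relative to the events counted within the same by-group.
"""
from collections import Counter
from typing import Dict, List, Optional

Event = Dict[str, str]


def _ev(user: str, status: Optional[str] = None, vendor_action: Optional[str] = None) -> Event:
    ev: Event = {"action": "purchase", "user": user}
    if status is not None:
        ev["statusCode"] = status
    if vendor_action is not None:
        ev["vendor_action"] = vendor_action
    return ev


# Constructed purchase events: 11 in total, 10 with a statusCode, 4 with a vendor_action.
EVENTS: List[Event] = (
    [_ev("alice", "200", "approve") for _ in range(4)]
    + [_ev("alice", "404") for _ in range(2)]
    + [_ev("alice", "503")]
    + [_ev("bob", "200")]
    + [_ev("bob", "503") for _ in range(2)]
    + [_ev("carol")]  # purchase with no statusCode at all
)


def stats_count(events: List[Event], field: Optional[str] = None) -> int:
    """`stats count` (field None) or `stats count(field)`: the latter counts
    only events in which the field is present."""
    return sum(1 for ev in events if field is None or field in ev)


def dc(events: List[Event], field: str) -> int:
    """`stats dc(field)`: number of distinct values of the field."""
    return len({ev[field] for ev in events if field in ev})


def table(events: List[Event], *fields: str) -> List[Dict[str, str]]:
    """`table f1, f2, ...`: one row per event, blank where a field is missing."""
    return [{f: ev.get(f, "") for f in fields} for ev in events]


def _rank(events, field, limit, by, showperc, countfield, percentfield, ascending):
    """Shared body of top and rare: count values per by-group, order, cut to limit."""
    groups: Dict[str, Counter] = {}
    for ev in events:
        if field not in ev or (by is not None and by not in ev):
            continue  # events lacking the ranked or grouping field are dropped
        groups.setdefault(ev[by] if by else "", Counter())[ev[field]] += 1
    rows: List[Dict[str, object]] = []
    for key in sorted(groups):
        counter = groups[key]
        total = sum(counter.values())  # denominator for percent within the group
        ranked = sorted(counter.items(),
                        key=lambda kv: (kv[1] if ascending else -kv[1], kv[0]))
        for value, n in (ranked[:limit] if limit else ranked):  # limit=0 means all
            row: Dict[str, object] = {}
            if by is not None:
                row[by] = key
            row[field] = value
            row[countfield] = n
            if showperc:
                row[percentfield] = round(100.0 * n / total, 6)
            rows.append(row)
    return rows


def top(events, field, limit=10, by=None, showperc=True, countfield="count", percentfield="percent"):
    """`top [limit=N | N] field [by f] [showperc=bool] [countfield=s] [percentfield=s]`."""
    return _rank(events, field, limit, by, showperc, countfield, percentfield, ascending=False)


def rare(events, field, limit=10, by=None, showperc=True, countfield="count", percentfield="percent"):
    """`rare [limit=N] field [by f] ...`: the same ranking, least common first."""
    return _rank(events, field, limit, by, showperc, countfield, percentfield, ascending=True)
```

With these events, `top 3 statusCode by user showperc=f countfield=status_code_count` produces three rows for alice and two for bob, with no percent column, which is the outcome the last question above asks about.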
