SPLK-1001 Practice Exam Questions and Answers

A.  

Yes

B.  

No

A.  

Only HF

B.  

No

C.  

Yes

A.  

Saving the item to a report

B.  

Adding the item to the search.

C.  

Adding the item to a dashboard

D.  

Saving the search to a JSON file.

A.  

A number to the right of the field name.

B.  

A # symbol to the left of the field name.

C.  

A lowercase n to the left of the field name.

D.  

A lowercase n to the right of the field name.

A.  

True

B.  

False

A.  

Source type

B.  

At least five columns

C.  

Timestamp

D.  

Input filed

A.  

False

B.  

True

A.  

index!=Security

B.  

Index-security

C.  

Index=Security

D.  

index=Security

A.  

Chronological

B.  

Reverser chronological

C.  

ASCIE

D.  

Alphabetical

A.  

Median(X)

B.  

Eval by X

C.  

Fields(X)

D.  

Values(X)

A.  

True

B.  

False

A.  

Description_Group_Object

B.  

Group_Description_Object

C.  

Group_Object_Description

D.  

Object_Group_Description

A.  

Table

B.  

Raw

C.  

Pie Chart

D.  

List

A.  

To group the results by one or more fields.

B.  

To compute numerical statistics on each field.

C.  

To specify how the values in a list are delimited.

D.  

To partition the input data based on the split-by fields.

A.  

No

B.  

Yes

A.  

Inherent entities that exist in event data.

B.  

A searchable key/value pair in event data.

C.  

Values pulled exclusively from lookup tables.

D.  

A non-searchable name/value pair used while indexing data.

A.  

Executes a new search.

B.  

Filters current search results.

C.  

Moves to past or future events.

D.  

Expands the time range of the search.

A.  

Auto-detect changes in performance

B.  

Auto-generated PDF reports of overall data trends

C.  

Regularly scheduled archiving to keep disk space use low

D.  

Triggering an alert in your Splunk instance when certain conditions are met

A.  

Splunk Enterprise Security Suite

B.  

Searching and Reporting

C.  

Reporting and Searching

D.  

Splunk apps for Security

A.  

Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field

B.  

Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.

C.  

Custom selections will replace the Interesting Fields that Splunk populated into the list at search time

D.  

The selected field and its corresponding values will appear underneath the events in the search results

A.  

host

B.  

owner

C.  

bytes

D.  

action

A.  

index=a index=b

B.  

(index=a OR index=b)

C.  

index=(a & b)

D.  

index = a, b

A.  

Time

B.  

Fast mode

C.  

Sourcetype

D.  

Selected Fields

A.  

drills down for that value

B.  

highlights the field value across the chart

C.  

adds the highlighted value to the search criteria

A.  

2, 1, 3

B.  

1, 2, 3

C.  

2, 3, 1

D.  

3, 2, 1

A.  

It is only available to Admins.

B.  

Such feature does not exist in Splunk.

C.  

Shows options to complete the search string

A.  

sourcetype

B.  

index

C.  

source

D.  

host

A.  

To differentiate between structured and unstructured events in the data

B.  

To sort the events returned by the search command in chronological order

C.  

To zoom in and zoom out. although this does not change the scale of the chart

D.  

To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime

A.  

An app

B.  

JSON

C.  

A role

D.  

An enhanced solution

A.  

index=*

B.  

index=web OR index=s*

C.  

(index=web OR index=sales)

D.  

*index=sales AND index=web*

A.  

OR

B.  

AND

C.  

NOT

D.  

NAND

A.  

Indexing

B.  

Searching

C.  

Parsing

D.  

Settings

E.  

Input

A.  

False

B.  

True

A.  

Before clauses. For example: stats sum(bytes) | by host

B.  

Before commands. For example: | stats sum(bytes) by host

C.  

Before arguments. For example: stats sum| (bytes) by host

D.  

Before functions. For example: stats |sum(bytes) by host

A.  

dedup

B.  

rename

C.  

sort -

D.  

fields +