ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1001

Splunk SPLK-1001 Practice Test - Questions Answers, Page 3

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which all time unit abbreviations can you include in Advanced time range picker? (Choose seven.)
Which of the following is a metadata field assigned to every event in Splunk?
What are the three main Splunk components?
Selected fields are a set of configurable fields displayed for each event.
You are able to create new Index in Data Input settings.
Beginning parentheses is automatically highlighted to guide you on the presence of complimenting parentheses.
Which of the following is an accurate definition of fields within Splunk?
In the Search and Reporting app, which is a default selected field?
Which search will return the 15 least common field values for the dest_ip field?
Field names are case sensitive and field value are not.

Question 21

Report
Export
Collapse

What must be done in order to use a lookup table in Splunk?

A.
The lookup must be configured to run automatically.
A.
The lookup must be configured to run automatically.
Answers
B.
The contents of the lookup file must be copied and pasted into the search bar.
B.
The contents of the lookup file must be copied and pasted into the search bar.
Answers
C.
The lookup file must be uploaded to Splunk and a lookup definition must be created.
C.
The lookup file must be uploaded to Splunk and a lookup definition must be created.
Answers
D.
The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.
D.
The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.
Answers
Suggested answer: C

Question 22

Report
Export
Collapse

What is a suggested Splunk best practice for naming reports?

A.
Reports are best named using many numbers so they can be more easily sorted.
A.
Reports are best named using many numbers so they can be more easily sorted.
Answers
B.
Use a consistent naming convention so they are easily separated by characteristics such as group and object.
B.
Use a consistent naming convention so they are easily separated by characteristics such as group and object.
Answers
C.
Name reports as uniquely as possible with no overlap to differentiate them from one another.
C.
Name reports as uniquely as possible with no overlap to differentiate them from one another.
Answers
D.
Any naming convention is fine as long as you keep an external spreadsheet to keep track.
D.
Any naming convention is fine as long as you keep an external spreadsheet to keep track.
Answers
Suggested answer: B

Question 23

Report
Export
Collapse

Which of the following Splunk components typically resides on the machines where data originates?

A.
Indexer
A.
Indexer
Answers
B.
Forwarder
B.
Forwarder
Answers
C.
Search head
C.
Search head
Answers
D.
Deployment server
D.
Deployment server
Answers
Suggested answer: B

Question 24

Report
Export
Collapse

What does the following specified time range do? earliest=-72h@h latest=@d

A.
Look back 3 days ago and prior
A.
Look back 3 days ago and prior
Answers
B.
Look back 72 hours up to one day ago
B.
Look back 72 hours up to one day ago
Answers
C.
Look back 72 hours, up to the end of today
C.
Look back 72 hours, up to the end of today
Answers
D.
Look back from 3 days ago up to the beginning of today
D.
Look back from 3 days ago up to the beginning of today
Answers
Suggested answer: D

Question 25

Report
Export
Collapse

Which of the following is true about user account settings and preferences?

A.
Search & Reporting is the only app that can be set as the default application.
A.
Search & Reporting is the only app that can be set as the default application.
Answers
B.
Full names can only be changed by accounts with a Power User or Admin role.
B.
Full names can only be changed by accounts with a Power User or Admin role.
Answers
C.
Time zones are automatically updated based on the setting of the computer accessing Splunk.
C.
Time zones are automatically updated based on the setting of the computer accessing Splunk.
Answers
D.
Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.
D.
Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.
Answers
Suggested answer: D

Question 26

Report
Export
Collapse

Which of the following are common constraints of the top command?

A.
limit, count
A.
limit, count
Answers
B.
limit, showpercent
B.
limit, showpercent
Answers
C.
limits, countfield
C.
limits, countfield
Answers
D.
showperc, countfield
D.
showperc, countfield
Answers
Suggested answer: B

Question 27

Report
Export
Collapse

What is the purpose of using a by clause with the stats command?

A.
To group the results by one or more fields.
A.
To group the results by one or more fields.
Answers
B.
To compute numerical statistics on each field.
B.
To compute numerical statistics on each field.
Answers
C.
To specify how the values in a list are delimited.
C.
To specify how the values in a list are delimited.
Answers
D.
To partition the input data based on the split-by fields.
D.
To partition the input data based on the split-by fields.
Answers
Suggested answer: A

Question 28

Report
Export
Collapse

Which events will be returned by the following search string? host=www3 status=503

A.
All events that either have a host of www3 or a status of 503.
A.
All events that either have a host of www3 or a status of 503.
Answers
B.
All events with a host of www3 that also have a status of 503
B.
All events with a host of www3 that also have a status of 503
Answers
C.
We need more information: we cannot tell without knowing the time range
C.
We need more information: we cannot tell without knowing the time range
Answers
D.
We need more information a search cannot be run without specifying an index
D.
We need more information a search cannot be run without specifying an index
Answers
Suggested answer: B

Question 29

Report
Export
Collapse

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

A.
(index=netfw failure) AND index=netops warn OR critical
A.
(index=netfw failure) AND index=netops warn OR critical
Answers
B.
(index=netfw failure) OR (index=netops (warn OR critical))
B.
(index=netfw failure) OR (index=netops (warn OR critical))
Answers
C.
(index=netfw failure) AND (index=netops (warn OR critical))
C.
(index=netfw failure) AND (index=netops (warn OR critical))
Answers
D.
(index=netfw failure) OR index=netops OR (warn OR critical)
D.
(index=netfw failure) OR index=netops OR (warn OR critical)
Answers
Suggested answer: B

Question 30

Report
Export
Collapse

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

A.
index=security sourcetype=access_* status=200 stats | count by price
A.
index=security sourcetype=access_* status=200 stats | count by price
Answers
B.
index=security sourcetype=access_* status=200 | stats count by price
B.
index=security sourcetype=access_* status=200 | stats count by price
Answers
C.
index=security sourcetype=access_* status=200 | stats count | by price
C.
index=security sourcetype=access_* status=200 | stats count | by price
Answers
D.
index=security sourcetype=access_* | status=200 | stats count by price
D.
index=security sourcetype=access_* | status=200 | stats count by price
Answers
Suggested answer: B
Total 246 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms