Splunk Core Certified User (SPLK-1001) Free Practice Test

Question 1

Which of the following is a correct way to limit search results to display the 5 most common values of a field?

A. | rare limit=5

B. | top rare=5

C. | top limit=5

D. | rare top=5

Correct Answer: C

Question 2

In monitor option you can select the following options in GUI.

A. Only Scripts

B. None of the above

C. Filed & Directories, HTTP Event Collector (HEC), TCP/UDP and Scripts

D. Only HTTP Event Collector (HEC) and TCP/UDP

E. Only TCP/UDP

Correct Answer: C

Question 3

Log filtering/parsing can be done from _____________.

A. Index Forwarders (IF)

B. Universal Forwarders (UF)

C. Super Forwarder (SF)

D. Heavy Forwarders (HF)

Correct Answer: D

Question 4

At the time of searching the start time is 03:35:08.
Will it look back to 03:00:00 if we use -30m@h in searching?

A. No

B. Yes

Correct Answer: B

Question 5

Search Assistant is enabled by default in the SPL editor with compact settings.

A. No

B. Yes

Correct Answer: B

Question 6

Portal for Splunk apps can be accessed through www.splunkbase.com

A. False

B. True

Correct Answer: B

Question 7

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

A. Splunk will prompt you to specify an index.

B. All non-indexed events to which the user has access will be returned.

C. No events will be returned.

D. Events from every index searched by default to which the user has access will be returned.

Correct Answer: D

Question 8

How do you add or remove fields from search results?

A. Use table +to add and table -to remove.

B. Use fields +to add and fields -to remove.

C. Use field +to add and field -to remove.

D. Use fields Plus to add and fields Minus to remove.

Correct Answer: B

Question 9

Which search will return only events containing the word "error" and display the results as a table that includes the fields named action, src, and dest?

A. error | stats table action, src, dest

B. error | table action, src, dest

C. error | table column=action column=src column=dest

D. error | tabular action, src, dest

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

What kind of logs can Splunk Index?

A. Router and Switch Logs

B. All firewall, web server, database, router and switch logs

C. Database logs

D. Firewall and Web Server Logs

E. Only C

F. Only A, B

Correct Answer: B

Question 11

Which symbol is used to snap the time?

A. &

B. *

C. #

D. @

Correct Answer: D

Question 12

Which of the following statements describes a search job?

A. Once a search job begins, it cannot be stopped

B. Once a search job begins, it can be stopped or paused at any point in time

C. A search job can only be stopped when less than 50% of events are returned

D. A search job can only be paused when less than 50% of events are returned

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 13

By default, all users have DELETE permission to ALL knowledge objects.

A. False

B. True

Correct Answer: A

Question 14

Assuming a user has the capability to edit reports, which of the following are editable?

A. The report's name, schedule, permissions

B. The report's name, acceleration, schedule

C. Acceleration, schedule, permissions

D. The report's name, acceleration, permissions

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Splunk Core Certified User (SPLK-1001) Free Practice Test