Exam 1: Splunk Core Certified User

A) None of the above
B) Indexing Phase
C) Parsing Phase
D) Input Phase
E) License Metering

Correct Answer

verified

Show Answer

A) The new result after selecting the range by dragging filters the events and displays the most recent first.
B) There is no functionality like click and drag in Splunk's timeline.
C) Using this option executes a new query.
D) This doesn't execute a new query.

Correct Answer

verified

Show Answer

A) Cloned panel
B) Inline panel
C) Report panel
D) Prebuilt panel

Correct Answer

verified

Show Answer

A) Can be accessed by Apps > Search & Reporting.
B) Provides default interface for searching and analyzing logs.
C) Enables the user to create knowledge object, reports, alerts and dashboards.
D) It only gives us search functionality.

Correct Answer

verified

Show Answer

A) Only HF
B) No
C) Yes

Correct Answer

verified

Show Answer

A) To differentiate between structured and unstructured events in the data.
B) To sort the events returned by the search command in chronological order.
C) To zoom in and zoom out, although this does not change the scale of the chart.
D) To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.

Correct Answer

verified

Show Answer

A) Zoom to selection
B) Format Timeline
C) Deselect
D) Delete
E) Zoom Out

Correct Answer

verified

Show Answer

A) Will display result depending on the data.
B) Will return event where status field exist but value of that field is not 100.
C) Will return event where status field exist but value of that field is not 100 and all events where status field doesn't exist.

Correct Answer

verified

Show Answer

A) Both field names and field values ARE case sensitive.
B) Field names ARE case sensitive; field values are NOT.
C) Field values ARE case sensitive; field names ARE NOT.
D) Both field names and field values ARE NOT case sensitive.

Correct Answer

verified

Show Answer

A) user
B) source
C) location
D) sourceIp

Correct Answer

verified

Show Answer

Correct Answer

verified

Show Answer

A) time
B) _time
C) EventTime
D) timestamp

Correct Answer

verified

Show Answer

A) Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.
B) Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
C) Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.
D) The selected field and its corresponding values will appear underneath the events in the search results.

Correct Answer

verified

Show Answer

A) You can modify the search string in the panel, and you can change and configure the visualization.
B) You can modify the search string in the panel, but you cannot change and configure the visualization.
C) You cannot modify the search string in the panel, but you can change and configure the visualization.
D) You cannot modify the search string in the panel, and you cannot change and configure the visualization.

Correct Answer

verified

Show Answer

A) error AND (fail AND 400)
B) error OR (fail and 400)
C) error AND (fail OR 400)
D) error OR fail OR 400

Correct Answer

verified

Show Answer

A) All data accessible to the User role will appear in the report.
B) All data accessible to the owner of the report will appear in the report.
C) All data accessible to all users will appear in the report until the next time the report is run.
D) The owner of the report can configure permissions so that the report uses either the User role or the owner's profile at run time.

Correct Answer

verified

Show Answer

A) Only continuous monitoring.
B) Only One-time monitoring.
C) None of the above.
D) Both One-time and continuous monitoring.

Correct Answer

verified

Show Answer

A) Indexer
B) Forwarder
C) Search head
D) Deployment server

Correct Answer

verified

Show Answer