Splunk Fundamentals 1 Exam|65 Questions with Answers ,100% CORRECT

1. Machine data is only generated by web servers.
CORRECT ANSWER: False

2. Machine data makes up for more than ___% of the data accumulated by organizations.
CORRECT ANSWER: 90

3. Machine data is always structured.
CORRECT ANSWER: False

4. Search strings are sent from the _________.
CORRECT ANSWER: Search Head

5. In most Splunk deployments, ________ serve as the primary way data is supplied for indexing.
CORRECT ANSWER: Forwarders

6. Which of these is not a main component of Splunk? (Search and investigate / Compress and archive / Add knowledge / Collect and index data)
CORRECT ANSWER: Compress and archive

7. Which function is not a part of a single-instance deployment? (Clustering / Parsing / Indexing / Searching)
CORRECT ANSWER: Clustering

8. A single-instance deployment of Splunk Enterprise handles: (select all that apply) (Indexing / Parsing / Input / Searching)
CORRECT ANSWER: Indexing, Parsing, Input, Searching

9. What are the three main default roles in Splunk Enterprise? (select all that apply) (User / Power User / Administrator / Manager / King)
CORRECT ANSWER: User, Power User, Administrator

10. Which apps ship with Splunk Enterprise? (select all that apply) (Home App / Search & Reporting / DB Connect / Sideview Utils)
CORRECT ANSWER: Home App, Search & Reporting

11. _________ define what users can do in Splunk. (Tokens / Roles / Disk permissions)
CORRECT ANSWER: Roles

12. The password for a newly installed Splunk instance is: (Your email address / Available from the splunk.com website / Randomly generated / Created when you install Splunk Enterprise)
CORRECT ANSWER: Created when you install Splunk Enterprise

13. You can launch and manage apps from the Home app.
CORRECT ANSWER: True

14. Splunk uses ________ to categorize the type of data being indexed.
CORRECT ANSWER: sourcetypes

15. Splunk knows where to break the event, where the timestamp is located and how to automatically create field-value pairs using these. (Line breaks / File names / Source types)
CORRECT ANSWER: Source types

16. The monitor input option will allow you to continuously monitor files.
CORRECT ANSWER: True

17. Files indexed using the upload input option get indexed _____. (Each time Splunk restarts / Every hour / On every search / Once)
CORRECT ANSWER: Once

18. In most production environments, _______ will be used as your main source of data input.
CORRECT ANSWER: Forwarders

19. When a search is sent to Splunk, it becomes a _____. (File on the host system / Task for Jimmy the Splunk elf / Search job / Event)
CORRECT ANSWER: Search job

20. Shared search jobs remain active for _______ by default. (24 hours / 1 year / 10 minutes / 1 day / 7 days)
CORRECT ANSWER: 7 days

21. A search job will remain active for ___ minutes after it is run. (10 / 90 / 5 / 30 / 20)
CORRECT ANSWER: 10 minutes

22. Which search mode toggles behavior based on the type of search being run? (Fast / Smart / Verbose)
CORRECT ANSWER: Smart

23. What is the order of evaluation for Boolean operations in Splunk?
CORRECT ANSWER: NOT, then OR, then AND

24. What attributes describe the circled field below, shown as "a dest 4"? (select all that apply) (It contains string values / It cannot be used in a search / It contains 4 values / It contains numerical values)
CORRECT ANSWER: It contains string values; It contains 4 values

25. Which is not a comparison operator in Splunk? (> / ?= / != / = / <=)
CORRECT ANSWER: ?=

26. Field names are ________. (select all that apply) (Case insensitive / Always capitalized / Not important in Splunk / Case sensitive)
CORRECT ANSWER: Case sensitive

27. Field values are case sensitive.
CORRECT ANSWER: False

28. Wildcards cannot be used with field searches.
CORRECT ANSWER: False

29. What is the most efficient way to filter events in Splunk? (By time / Using Booleans / With an asterisk)
CORRECT ANSWER: By time

30. This symbol is used in the "Advanced" section of the time range picker to round down to the nearest unit of the specified time. (& / @ / ^ / * / %)
CORRECT ANSWER: @

31. Time to search can only be set by the time range picker.
CORRECT ANSWER: False

32. Having separate indexes allows: (select all that apply) (Multiple retention policies / Ability to limit access / Faster searches)
CORRECT ANSWER: Multiple retention policies; Ability to limit access; Faster searches

33. As a general practice, exclusion is better than inclusion in a Splunk search.
CORRECT ANSWER: False

34. What command would you use to remove the status field from the returned events? sourcetype=a* status=404 | _________ status (not / fields / table / fields -)
CORRECT ANSWER: fields -

35. Excluding fields using the fields command will benefit performance.
CORRECT ANSWER: False

36. What is missing from this search? sourcetype=a* | rename ip as "User IP" | table User IP (A table command / Search terms / A pipe / Quotation marks around User IP)
CORRECT ANSWER: Quotation marks around User IP

37. Finish the rename command to change the name of the status field to HTTP Status: sourcetype=a* status=404 | rename ___________ (status as "HTTP Status" / status to "HTTP Status" / as "HTTP Status" / status as HTTP Status)
CORRECT ANSWER: status as "HTTP Status"

38. Would the ip column be removed in the results of this search? Why or why not? sourcetype=a* | rename ip as "User" | fields - ip (Yes, because the negative sign was used / No, because table columns cannot be removed / Yes, because a pipe was used between search commands / No, because the name was changed)
CORRECT ANSWER: No, because the name was changed.

39. Which clause would you use to rename the count field? sourcetype=vendor* | stats count _______ "Units Sold" (to / as / rename / show)
CORRECT ANSWER: as

40. To display the most common values in a specific field, what command would you use? (top / rare / table / all)
CORRECT ANSWER: top

41. Which stats function would you use to find the average value of a field?
CORRECT ANSWER: avg

42. Which one of these is not a stats function? (count / addtotals / avg / sum / list)
CORRECT ANSWER: addtotals

43. How many results are shown by default when using a top or rare command?
CORRECT ANSWER: 10

44. Charts can be based on numbers, time, or location.
CORRECT ANSWER: True

45. The User role cannot create reports.
CORRECT ANSWER: False

46. A time range picker can be included in a report.
CORRECT ANSWER: True

47. _____________ are reports gathered together into a single pane of glass. (Alerts / Panels / Dashboards / Scheduled Reports)
CORRECT ANSWER: Dashboards

48. If a search returns this, you can view the results as a chart. (Time limits / Numbers / A list / Statistical values)
CORRECT ANSWER: Statistical values

49. These are knowledge objects that provide the data structure for pivot. (Indexes / Data models / Alerts / Reports)
CORRECT ANSWER: Data models

50. Pivots cannot be saved as reports or dashboard panels.
CORRECT ANSWER: False

51. Adding child data model objects is like the ______ Boolean in the Splunk search language.
CORRECT ANSWER: AND

52. Data models are made up of ___________. (Datasets / Dashboard panels / Transforming searches / Pivots)
CORRECT ANSWER: Datasets

53. Pivots can be saved as dashboard panels.
CORRECT ANSWER: True

54. The instant pivot button is displayed in the Statistics and Visualization tabs when a _______ search is run.
CORRECT ANSWER: Non-transforming

55. Which role(s) can create data models? (select all that apply) (Power User / Administrator / User)
CORRECT ANSWER: Power User, Administrator

56. External data used by a lookup can come from sources like: (select all that apply) (None, only internal data can be used / CSV files / Geospatial data / Scripts)
CORRECT ANSWER: CSV files; Geospatial data; Scripts

57. Finish this search command so that it displays data from the http_status.csv lookup file: | _________ http_status.csv (lookup=* / datalookup / lookup / inputlookup)
CORRECT ANSWER: inputlookup

58. When using a .csv file for lookups, the first row in the file represents this. (Nothing, it is ignored / Output fields / Input fields / Field names)
CORRECT ANSWER: Field names

59. To keep from overwriting existing fields with your lookup you can use the ____________ clause.
CORRECT ANSWER: OUTPUTNEW

60. A lookup is categorized as a dataset.
CORRECT ANSWER: True

61. Alerts can run uploaded scripts.
CORRECT ANSWER: True

62. Real-time alerts will run the search continuously in the background.
CORRECT ANSWER: True

63. An alert is an action triggered by a _____________. (Selected field / Tag / Saved search / Report)
CORRECT ANSWER: Saved search

64. Once an alert is created, you can no longer edit its defining search.
CORRECT ANSWER: False

65. Alerts can send an email.
CORRECT ANSWER: True
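The evaluation order in question 23, the case rules for field names and values (26, 27) and wildcards in field searches (28) are easiest to see on data. What follows is an added example written for this page, not Splunk's code and not part of the original exam: a small Python model of how a Splunk search string is parsed and evaluated, run over constructed events (the EVENTS list and its "id" field are made up for the demonstration; the precedence and matching rules are taken from the questions above and Splunk's documentation). It shows why `failed OR denied src=10.0.0.9` is read as `(failed OR denied) AND src=10.0.0.9`, the reverse of the AND-binds-tighter rule most programming languages use, and why `NOT status=200` and `status!=200` differ for events that have no status field at all.

```python
"""Model of Splunk search-string evaluation (added example, not Splunk's code).
Rules modelled: NOT, then OR, then AND (an implicit AND between adjacent terms
binds loosest, so `a OR b c` means `(a OR b) AND c`); field names are case
sensitive; field values match case-insensitively; '*' wildcards are allowed.
EVENTS are constructed stand-ins for indexed web-access logs.
"""
import fnmatch
import re

EVENTS = [  # constructed; "id" is only there so results are easy to check
    {"id": 1, "_raw": "GET /login status=401 failed", "status": "401", "src": "10.0.0.5", "action": "Failed"},
    {"id": 2, "_raw": "GET /admin status=403 denied", "status": "403", "src": "10.0.0.9", "action": "denied"},
    {"id": 3, "_raw": "GET /index status=200 ok", "status": "200", "src": "10.0.0.5", "action": "success"},
    {"id": 4, "_raw": "POST /api status=500 error", "status": "500", "src": "10.0.0.7", "action": "error"},
    {"id": 5, "_raw": "heartbeat ok", "src": "10.0.0.1"},  # no status field at all
]

# Tokens: a parenthesis, or a word that may end in a double-quoted string (field="a b").
TOKEN_RE = re.compile(r'\(|\)|[^\s()"]*"[^"]*"|[^\s()]+')
CMP_RE = re.compile(r"^([A-Za-z_]\w*)(!=|>=|<=|=|>|<)(.+)$")


def term_matches(term, event):
    """Evaluate one keyword or one field comparison against one event."""
    m = CMP_RE.match(term)
    if not m:  # bare keyword: case-insensitive match against the _raw tokens
        kw, raw = term.strip('"').lower(), event["_raw"].lower()
        if " " in kw:  # quoted phrase: substring of _raw
            return kw in raw
        return any(fnmatch.fnmatchcase(tok, kw) for tok in re.findall(r"\w+", raw))
    field, op, value = m.groups()
    value = value.strip('"')
    if field not in event:  # exact-case key lookup: Status=200 never matches status
        return False
    actual = str(event[field])
    if op in ("=", "!="):
        hit = fnmatch.fnmatchcase(actual.lower(), value.lower())  # wildcard, case-insensitive
        return hit if op == "=" else not hit
    try:
        a, v = float(actual), float(value)
    except ValueError:
        return False
    return {">": a > v, "<": a < v, ">=": a >= v, "<=": a <= v}[op]


class Parser:
    """Recursive descent: and_expr (loosest) -> or_expr -> not_expr -> atom."""

    def __init__(self, search):
        self.toks, self.i = TOKEN_RE.findall(search), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        self.i += 1
        return self.toks[self.i - 1]

    def parse(self):
        node = self.and_expr()
        if self.peek() is not None:
            raise ValueError("unexpected token " + self.peek())
        return node

    def and_expr(self):  # AND is explicit or implied by adjacency
        nodes = [self.or_expr()]
        while self.peek() not in (None, ")"):
            if self.peek() == "AND":
                self.take()
            nodes.append(self.or_expr())
        return ("AND", nodes) if len(nodes) > 1 else nodes[0]

    def or_expr(self):
        nodes = [self.not_expr()]
        while self.peek() == "OR":
            self.take()
            nodes.append(self.not_expr())
        return ("OR", nodes) if len(nodes) > 1 else nodes[0]

    def not_expr(self):
        if self.peek() == "NOT":
            self.take()
            return ("NOT", self.not_expr())
        if self.peek() == "(":
            self.take()
            node = self.and_expr()
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        return ("TERM", self.take())


def evaluate(node, event):
    kind = node[0]
    if kind == "TERM":
        return term_matches(node[1], event)
    if kind == "NOT":
        return not evaluate(node[1], event)
    if kind == "AND":
        return all(evaluate(n, event) for n in node[1])
    return any(evaluate(n, event) for n in node[1])


def search(spl, events=EVENTS):
    """Ids of the events matched by the search string `spl`."""
    tree = Parser(spl).parse()
    return [e["id"] for e in events if evaluate(tree, e)]
```

`search("failed OR denied src=10.0.0.9")` returns only event 2, while `search("failed OR (denied src=10.0.0.9)")` returns events 1 and 2; in a detection search, forgetting the parentheses silently narrows the match. `search("NOT status=200")` includes event 5 (no status field), `search("status!=200")` does not, which is the usual reason a "not 200" search under- or over-counts.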
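Questions 29 to 31 turn on relative time: the `@` snap-to symbol rounds down to the start of a unit, and `earliest`/`latest` can be typed into the search instead of using the picker. The following is an added example for this page, not Splunk's code: a Python model of relative time modifiers in the `[+|-]<n><unit>@<unit>` form (only s, m, h and d are handled; week, month, year and chained modifiers are not), with constructed event timestamps and a fixed `NOW`. It shows the difference between a `-24h` window, which moves every time the search runs, and a `-24h@h` to `@h` window, which lands on clean hour boundaries.

```python
"""Splunk-style relative time modifiers (added example; a model, not Splunk's code).
A modifier is an optional offset such as -7d or +1h, then an optional @<unit>
snap that rounds DOWN to the start of that unit after the offset is applied.
"""
import re
from datetime import datetime, timedelta

MOD_RE = re.compile(r"^(now|[+-]\d+[smhd])?(?:@([smhd]))?$")
UNIT = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}
SNAP = {  # datetime fields zeroed when snapping to each unit
    "s": {"microsecond": 0},
    "m": {"second": 0, "microsecond": 0},
    "h": {"minute": 0, "second": 0, "microsecond": 0},
    "d": {"hour": 0, "minute": 0, "second": 0, "microsecond": 0},
}


def relative_time(modifier, now):
    """Resolve a modifier such as '-24h@h' against the datetime `now`."""
    m = MOD_RE.match(modifier)
    if not modifier or not m:
        raise ValueError("unsupported time modifier: %r" % modifier)
    offset, snap = m.groups()
    t = now
    if offset and offset != "now":
        t = now + timedelta(**{UNIT[offset[-1]]: int(offset[:-1])})
    if snap:
        t = t.replace(**SNAP[snap])
    return t


def select_window(events, earliest, latest, now):
    """Ids of events with earliest <= _time < latest (latest is exclusive)."""
    start, end = relative_time(earliest, now), relative_time(latest, now)
    return [e["id"] for e in events if start <= e["_time"] < end]


# Constructed sample events around a fixed "now".
NOW = datetime(2023, 7, 9, 14, 37, 5)
EVENTS = [
    {"id": 1, "_time": datetime(2023, 7, 8, 13, 59, 0)},
    {"id": 2, "_time": datetime(2023, 7, 8, 14, 10, 0)},
    {"id": 3, "_time": datetime(2023, 7, 8, 14, 50, 0)},
    {"id": 4, "_time": datetime(2023, 7, 9, 14, 30, 0)},
]
```

With `NOW` at 14:37:05, `select_window(EVENTS, "-24h", "now", NOW)` returns events 3 and 4, while `select_window(EVENTS, "-24h@h", "@h", NOW)` returns events 2 and 3: the snapped window covers 14:00 to 14:00 and drops the partial current hour, which is what a scheduled search needs so that consecutive runs neither overlap nor leave gaps.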
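Questions 57 to 59 cover lookups: `inputlookup` reads the CSV, its first row supplies the field names, and `OUTPUTNEW` keeps existing fields from being overwritten. The following is an added example for this page, not Splunk's code: a Python model of `inputlookup` and of the `lookup` command's OUTPUT and OUTPUTNEW behaviour, using a constructed stand-in for http_status.csv and constructed events. Event 2 already carries a `status_description` set by an earlier step, which is exactly the value a reference table must not clobber.

```python
"""Lookup enrichment with OUTPUT vs OUTPUTNEW (added example; a model, not Splunk's code).
HTTP_STATUS_CSV is a constructed stand-in for http_status.csv; its first row
supplies the field names, as the question above states.
"""
import csv
import io

HTTP_STATUS_CSV = """status,status_description
200,OK
401,Unauthorized
403,Forbidden
404,Not Found
"""


def inputlookup(csv_text):
    """Rows of the lookup file as dicts, like `| inputlookup http_status.csv`."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def lookup(events, table, match_field, output_fields, outputnew=False):
    """Enrich events from `table` on `match_field`.

    outputnew=False models OUTPUT: a matched row overwrites existing fields.
    outputnew=True models OUTPUTNEW: only missing or empty fields are set.
    Matching is case-insensitive, as Splunk lookups are by default.
    Events with no matching row are passed through unchanged.
    """
    index = {row[match_field].lower(): row for row in table}
    enriched = []
    for ev in events:
        ev = dict(ev)  # do not mutate the caller's events
        row = index.get(str(ev.get(match_field, "")).lower())
        if row is not None:
            for f in output_fields:
                if not outputnew or not ev.get(f):
                    ev[f] = row[f]
        enriched.append(ev)
    return enriched


# Constructed events; event 2 already has a description from an earlier step.
EVENTS = [
    {"id": 1, "status": "401"},
    {"id": 2, "status": "403", "status_description": "Blocked by WAF"},
    {"id": 3, "status": "418"},  # no row in the lookup
]


def descriptions(outputnew):
    """status_description per event id after the lookup runs."""
    table = inputlookup(HTTP_STATUS_CSV)
    out = lookup(EVENTS, table, "status", ["status_description"], outputnew=outputnew)
    return {e["id"]: e.get("status_description") for e in out}
```

`descriptions(outputnew=False)` gives event 2 the table's "Forbidden"; `descriptions(outputnew=True)` leaves "Blocked by WAF" in place. Event 3 is untouched either way, so a search that later filters on `status_description` will simply not see it unless a default is added.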

Document information

Uploaded on: Jul 09, 2023
Number of pages: 13
Seller: Nolan19