Splunk Splk 1001 Practice Test

Question 1

Which Field/Value pair will return only events found in the index named security?

C. Index=security
D. index!=Security

Answer:

B

Explanation:
Reference:
https://answers.splunk.com/answers/712164/why-are-the-wineventlogssecurity-indexing-indiffe.html

User Votes:

C 2 votes

50%

D

50%

Discussions

0 / 1000

Question 2

Which statement describes field discovery at search time?

A. Splunk automatically discovers only numeric fields
B. Splunk automatically discovers only alphanumeric fields
C. Splunk automatically discovers only manually configured fields
D. Splunk automatically discovers only fields directly related to the search results

Answer:

D

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.2/Search/Changethesearchmode

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 3

What are the three main Splunk components?

A. Search head, GPU, streamer
B. Search head, indexer, forwarder
C. Search head, SQL database, forwarder
D. Search head, SSD, heavy weight agent

Answer:

B

Explanation:
Reference:
https://www.edureka.co/blog/splunk-architecture/

User Votes:

A

50%

B 1 votes

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 4

When is an alert triggered?

A. When Splunk encounters a syntax error in a search
B. When a trigger action meets the predefined conditions
C. When an event in a search matches up with a data model
D. When results of a search meet a specifically defined condition

Answer:

D

Explanation:
Reference:
https://books.google.com.pk/books?id=sNwkBQAAQBAJ&pg=PT525&lpg=PT525&dq=splunk+alert
+triggered+When+results+of+a+search+meet+a+specifically+defined
+condition&source=bl&ots=avtEx5luxo&sig=ACfU3U1ZVob_j9nU243Te2vhqwxI3YvJuA&hl=en&sa=X
&ved=2a
hUKEwjm48rmkfXoAhUlMewKHb_FAbkQ6AEwB3oECBYQJg
QUESTION 197

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 5

Which search will return the 15 least common field values for the dest_ip field?

A. sourcetype=firewall | rare num=15 dest_ip
B. sourcetype=firewall | rare last=15 dest_ip
C. sourcetype=firewall | rare count=15 dest_ip
D. sourcetype=firewall | rare limit=15 dest_ip

Answer:

C

Explanation:
Reference:
https://answers.splunk.com/answers/41928/add-a-lookup-csv-colum-information-to-the-results-ofa-inputlookup-search.html

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 6

What is the default lifetime of every Splunk search job?

A. All search jobs are saved for 10 days
B. All search jobs are saved for 10 hours
C. All search jobs are saved for 10 weeks
D. All search jobs are saved for 10 minutes

Answer:

D

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/Extendjoblifetimes

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 7

In the Fields sidebar, what does the number directly to the right of the field name indicate?

A. The value of the field
B. The number of values for the field
C. The number of unique values for the field
D. The numeric non-unique values of the field

Answer:

C

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchTutorial/Usefieldstosearch

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 8

How can results from a specified static lookup file be displayed?

A. lookup command
B. inputlookup command
C. Settings > Lookups > Input
D. Settings > Lookups > Upload

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 9

When is the pipe character, I, used in search strings?

A. Before clauses. For example: stats sum(bytes) | by host
B. Before commands. For example: | stats sum(bytes) by host
C. Before arguments. For example: stats sum| (bytes) by host
D. Before functions. For example: stats |sum(bytes) by host

Answer:

B

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/
Aboutsearchlanguagesyntax#Quotes_and_escaping_characters

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 10

Which of the following is the best way to create a report that shows the last 24 hours of events?

A. Use earliest=-1d@d latest=@d
B. Set a real-time search over a 24-hour window
C. Use the time range picket to select “Yesterday”
D. Use the time range picker to select “Last 24 hours”

Answer:

D

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 11

What are the two most efficient search filters?

A. _time and host
B. _time and index
C. host and sourcetype
D. index and sourcetype

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 12

Which of the following is a metadata field assigned to every event in Splunk?

A. host
B. owner
C. bytes
D. action

Answer:

A

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/Assignmetadatatoeventsdynamically

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 13

Assuming a user has the capability to edit reports, which of the following are editable?

A. Acceleration, schedule, permissions
B. The report’s name, schedule, permissions
C. The report’s name, acceleration, schedule
D. The report’s name, acceleration, permissions

Answer:

B

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Report/Createandeditreports

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 14

What is a quick, comprehensive way to learn what data is present in a Splunk deployment?

A. Review Splunk reports
B. Run ./splunk show
C. Click Data Summary in Splunk Web
D. Search index=* sourcetype=* host=*

Answer:

C

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/InheritedDeployment/Yourdata

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 15

When viewing results of a search job from the Activity menu, which of the following is displayed?

A. New events based on the current time range picker
B. The same events based on the current time range picker
C. The same events from when the original search was executed
D. New events in addition to the same events from the original search

Answer:

C

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Splunk splk-1001 practice test

Splunk Core Certified User Exam

Last exam update: Dec 15 ,2024

Page 1 out of 16. Viewing questions 1-15 out of 226

Question 1

Answer:

User Votes:

Question 2

Answer:

User Votes:

Question 3

Answer:

User Votes:

Question 4

Answer:

User Votes:

Question 5

Answer:

User Votes:

Question 6

Answer:

User Votes:

Question 7

Answer:

User Votes:

Question 8

Answer:

User Votes:

Question 9

Answer:

User Votes:

Question 10

Answer:

User Votes:

Question 11

Answer:

User Votes:

Question 12

Answer:

User Votes:

Question 13

Answer:

User Votes:

Question 14

Answer:

User Votes:

Question 15

Answer:

User Votes: