
Splunk SPLK-1001 Splunk Core Certified User Exam Practice Test

Demo: 33 questions
Total 226 questions

Splunk Core Certified User Questions and Answers

Question 1

Assuming a user has the capability to edit reports, which of the following are editable?

Options:

A.

Acceleration, schedule, permissions

B.

The report’s name, schedule, permissions

C.

The report’s name, acceleration, schedule

D.

The report’s name, acceleration, permissions

Question 2

Splunk automatically determines the source type for major data types.

Options:

A.

False

B.

True

Question 3

Prefix wildcards might cause performance issues.

Options:

A.

False

B.

True

Question 4

Splunk internal fields contain general information about events and start with an underscore (i.e., _).

Options:

A.

True

B.

False

Question 5

Search Assistant is enabled by default in the SPL editor with compact settings.

Options:

A.

No

B.

Yes

Question 6

The Splunk index-time process can be broken down into __________ phases.

Options:

A.

3

B.

2

C.

4

D.

1

Question 7

______________ is the default web port used by Splunk.

Options:

A.

8089

B.

8000

C.

8080

D.

443

Question 8

Lookups allow you to overwrite your raw event.

Options:

A.

True

B.

False

Question 9

Which of the following describes lookup files?

Options:

A.

Lookup fields cannot be used in searches

B.

Lookups contain static data available in the index

C.

Lookups add more fields to results returned by a search

D.

Lookups pull data at index time and add them to search results

Question 10

Lookups can be private for a user.

Options:

A.

True

B.

False

Question 11

Can you stop or pause a search?

Options:

A.

No

B.

Yes

Question 12

Select the statements that are true for the timeline in Splunk (Choose four.):

Options:

A.

Timeline shows distribution of events specified in the time range in the form of bars.

B.

Single-click to see the results for a particular time period.

C.

You can click and drag across the bar for selecting the range.

D.

This is default view and you can't make any changes to it.

E.

You can hover your mouse for details like total events, time and date.

Question 13

Which of the following is a metadata field assigned to every event in Splunk?

Options:

A.

host

B.

owner

C.

bytes

D.

action

Question 14

How does Splunk determine which fields to extract from data?

Options:

A.

Splunk only extracts the most interesting data from the last 24 hours.

B.

Splunk only extracts fields users have manually specified in their data.

C.

Splunk automatically extracts any fields that generate interesting visualizations.

D.

Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.

Question 15

Which Field/Value pair will return only events found in the index named security?

Options:

A.

Index=Security

B.

index=Security

C.

Index=security

D.

index!=Security

Question 16

In the Search and Reporting app, which tab displays timecharts and bar charts?

Options:

A.

Events

B.

Patterns

C.

Statistics

D.

Visualization

Question 17

Which of the following file types is an option for exporting Splunk search results?

Options:

A.

PDF

B.

JSON

C.

XLS

D.

RTF

Question 18

What syntax is used to link key/value pairs in search strings?

Options:

A.

action+purchase

B.

action=purchase

C.

action | purchase

D.

action equal purchase

Question 19

Which of the following is a Splunk internal field?

Options:

A.

_raw

B.

host

C.

_host

D.

index

Question 20

What is Search Assistant in Splunk?

Options:

A.

It is only available to Admins.

B.

Such a feature does not exist in Splunk.

C.

Shows options to complete the search string

Question 21

What result will you get with the following search: index=test sourcetype="The_Questionnaire_P*"?

Options:

A.

the_questionnaire _pedia

B.

the_questionnaire pedia

C.

the_questionnaire_pedia

D.

the_questionnaire Pedia

Question 22

What is a quick, comprehensive way to learn what data is present in a Splunk deployment?

Options:

A.

Review Splunk reports

B.

Run ./splunk show

C.

Click Data Summary in Splunk Web

D.

Search index=* sourcetype=* host=*

Question 23

Which of the following is the most efficient filter for running searches in Splunk?

Options:

A.

Time

B.

Fast mode

C.

Sourcetype

D.

Selected Fields

Question 24

Which of the following statements describes a search job?

Options:

A.

Once a search job begins, it cannot be stopped

B.

A search job can only be paused when less than 50% of events are returned

C.

A search job can only be stopped when less than 50% of events are returned

D.

Once a search job begins, it can be stopped or paused at any point in time

Question 25

Where does license metering happen?

Options:

A.

Indexer

B.

Parsing

C.

Heavy Forwarder

D.

Input

Question 26

What is one benefit of creating dashboard panels from reports?

Options:

A.

Any newly created dashboard will include that report.

B.

There are no benefits to creating dashboard panels from reports.

C.

It makes the dashboard more efficient because it only has to run one search string.

D.

Any change to the underlying report will affect every dashboard that utilizes that report.

Question 27

When a search returns __________, you can view the results as a list.

Options:

A.

a list of events

B.

transactions

C.

statistical values

Question 28

How can results from a specified static lookup file be displayed?

Options:

A.

lookup command

B.

inputlookup command

C.

Settings > Lookups > Input

D.

Settings > Lookups > Upload

Question 29

Which of the following fields is stored with the events in the index?

Options:

A.

user

B.

source

C.

location

D.

sourcelp

Question 30

What does the rare command do?

Options:

A.

Returns the least common field values of a given field in the results.

B.

Returns the most common field values of a given field in the results.

C.

Returns the top 10 field values of a given field in the results.

D.

Returns the lowest 10 field values of a given field in the results.

Question 31

When writing searches in Splunk, which of the following is true about Booleans?

Options:

A.

They must be lowercase.

B.

They must be uppercase.

C.

They must be in quotations.

D.

They must be in parentheses.

Question 32

When displaying results of a search, which of the following is true about line charts?

Options:

A.

Line charts are optimal for single and multiple series.

B.

Line charts are optimal for single series when using Fast mode.

C.

Line charts are optimal for multiple series with 3 or more columns.

D.

Line charts are optimal for multiseries searches with at least 2 or more columns.

Question 33

Which search would return events from the access_combined sourcetype?

Options:

A.

Sourcetype=access_combined

B.

Sourcetype=Access_Combined

C.

sourcetype=Access_Combined

D.

SOURCETYPE=access_combined
