Black Friday Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

Question # 4

Field values are case sensitive.

A.

True

B.

False

Full Access
Question # 5

When writing searches in Splunk, which of the following is true about Booleans?

A.

They must be lowercase.

B.

They must be uppercase.

C.

They must be in quotations.

D.

They must be in parentheses.

Full Access
Question # 6

Which of the following searches would return only events that match the following criteria?

• Events are inside the main index

• The field status exists in the event

• The value in the status field does not equal 200

A.

index==main status!==200

B.

index=main NOT status=200

C.

index==main NOT status==200

D.

index-main status!=200

Full Access
Question # 7

Which of the following is the most efficient search?

A.

index=* “failed password”

B.

“failed password” index=*

C.

(index=* OR index=security) “failed password”

D.

index=security “failed password”

Full Access
Question # 8

Which of the following are common constraints of the top command?

A.

limit, count

B.

limit, showpercent

C.

limits, countfield

D.

showperc, countfield

Full Access
Question # 9

Which of the following statements describes a search job?

A.

Once a search job begins, it cannot be stopped

B.

A search job can only be paused when less than 50% of events are returned

C.

A search job can only be stopped when less than 50% of events are returned

D.

Once a search job begins, it can be stopped or paused at any point in time

Full Access
Question # 10

By default, which of the following fields would be listed in the fields sidebar under interesting Fields?

A.

host

B.

index

C.

source

D.

sourcetype

Full Access
Question # 11

Field names are case sensitive.

A.

True

B.

False

Full Access
Question # 12

In the Search and Reporting app, which is a default selected field?

A.

index

B.

action

C.

_time

D.

host

Full Access
Question # 13

Keywords are highlighted when you mouse over search results and you can click this search result to (Choose three.):

A.

Open new search.

B.

Exclude the item from search.

C.

None of the above.

D.

Add the item to search

Full Access
Question # 14

The better way of writing search query for index is:

A.

index=a index=b

B.

(index=a OR index=b)

C.

index=(a & b)

D.

index = a, b

Full Access
Question # 15

When viewing the results of a search, what is an Interesting Field?

A.

A field that appears in any event

B.

A field that appears in every event

C.

A field that appears in the top 10 events

D.

A field that appears in at least 20% of the events

Full Access
Question # 16

How does Splunk determine which fields to extract from data?

A.

Splunk only extracts the most interesting data from the last 24 hours.

B.

Splunk only extracts fields users have manually specified in their data.

C.

Splunk automatically extracts any fields that generate interesting visualizations.

D.

Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.

Full Access
Question # 17

Fields are searchable key value pairs in your event data.

A.

True

B.

False

Full Access
Question # 18

You are able to create new Index in Data Input settings.

A.

No

B.

Yes

Full Access
Question # 19

How can search results be kept longer than 7 days?

A.

By scheduling a report.

B.

By creating a link to the job.

C.

By changing the job settings.

D.

By changing the time range picker to more than 7 days.

Full Access
Question # 20

Following are the time selection option while making search:

(Choose all that apply.)

A.

Date & Time Range

B.

Advanced

C.

Date Range

D.

Presets

E.

Relative

Full Access
Question # 21

What is the purpose of using a by clause with the stats command?

A.

To group the results by one or more fields.

B.

To compute numerical statistics on each field.

C.

To specify how the values in a list are delimited.

D.

To partition the input data based on the split-by fields.

Full Access
Question # 22

Splunk shows data in __________________.

A.

ASCII Character order.

B.

Reverse chronological order.

C.

Alphanumeric order.

D.

Chronological order.

Full Access
Question # 23

What are the three main Splunk components?

A.

Search head, GPU, streamer

B.

Search head, indexer, forwarder

C.

Search head, SQL database, forwarder

D.

Search head, SSD, heavy weight agent

Full Access
Question # 24

When viewing results of a search job from the Activity menu, which of the following is displayed?

A.

New events based on the current time range picker

B.

The same events based on the current time range picker

C.

The same events from when the original search was executed

D.

New events in addition to the same events from the original search

Full Access
Question # 25

When is an alert triggered?

A.

When Splunk encounters a syntax error in a search

B.

When a trigger action meets the predefined conditions

C.

When an event in a search matches up with a data model

D.

When results of a search meet a specifically defined condition

Full Access
Question # 26

@ Symbol can be used in advanced time unit option.

A.

No

B.

Yes

Full Access
Question # 27

The default host name used in Inputs general settings can not be changed.

A.

False

B.

True

Full Access
Question # 28

Select the answer that displays the accurate placing of the pipe in the following search string:

index=security sourcetype=access_* status=200 stats count by price

A.

index=security sourcetype=access_* status=200 stats | count by price

B.

index=security sourcetype=access_* status=200 | stats count by price

C.

index=security sourcetype=access_* status=200 | stats count | by price

D.

index=security sourcetype=access_* | status=200 | stats count by price

Full Access
Question # 29

Universal forwarder is recommended for forwarding the logs to indexers.

A.

False

B.

True

Full Access
Question # 30

When placed early in a search, which command is most effective at reducing search execution time?

A.

dedup

B.

rename

C.

sort -

D.

fields +

Full Access
Question # 31

Fields are searchable name and value pairings that differentiates one event from another.

A.

False

B.

True

Full Access
Question # 32

The four types of Lookups that Splunk provides out-of-the-box are External, KV Store, Geospatial and which of the following?

A.

Correlated

B.

File-based

C.

Total

D.

Segmented

Full Access
Question # 33

What is a quick, comprehensive way to learn what data is present in a Splunk deployment?

A.

Review Splunk reports

B.

Run ./splunk show

C.

Click Data Summary in Splunk Web

D.

Search index=* sourcetype=* host=*

Full Access
Question # 34

Which of the following commands will show the maximum bytes?

A.

sourcetype=access_* | maximum totals by bytes

B.

sourcetype=access_* | avg (bytes)

C.

sourcetype=access_* | stats max(bytes)

D.

sourcetype=access_* | max(bytes)

Full Access
Question # 35

All components are installed and administered in Splunk Enterprise on-premise.

A.

True

B.

False

Full Access
Question # 36

At the time of searching the start time is 03:35:08.

Will it look back to 03:00:00 if we use -30m@h in searching?

A.

Yes

B.

No

Full Access
Question # 37

The stats command will create a _____________ by default.

A.

Table

B.

Report

C.

Pie chart

Full Access
Question # 38

By default, which role contains the minimum permissions required to have write access to Splunk alerts?

A.

User

B.

Alerting

C.

Power

D.

Admin

Full Access
Question # 39

Which component of Splunk let us write SPL query to find the required data?

A.

Forwarders

B.

Indexer

C.

Heavy Forwarders

D.

Search head

Full Access
Question # 40

Splunk Components:

Which of the following are responsible for reducing search results?

A.

search heads

B.

indexers

C.

forwarders

Full Access
Question # 41

What are Splunk alerts based on?

A.

Dashboards

B.

Searches

C.

Webhooks

D.

Reports

Full Access
Question # 42

Which events will be returned by the following search string?

host=www3 status=503

A.

All events that either have a host of www3 or a status of 503.

B.

All events with a host of www3 that also have a status of 503

C.

We need more information: we cannot tell without knowing the time range

D.

We need more information a search cannot be run without specifying an index

Full Access
Question # 43

How are events displayed after a search is executed?

A.

In chronological order.

B.

Randomly by default.

C.

In reverse chronological order.

D.

Alphabetically according to field name.

Full Access
Question # 44

This function of the stats command allows you to return the sample standard deviation of a field.

A.

stdev

B.

dev

C.

count deviation

D.

by standarddev

Full Access
Question # 45

What are the steps to schedule a report?

A.

After saving the report, click Schedule.

B.

After saving the report, click Event Type.

C.

After saving the report, click Scheduling.

D.

After saving the report, click Dashboard Panel.

Full Access
Question # 46

Splunk Enterprise is used as a Scalable service in Splunk Cloud.

A.

True

B.

False

Full Access
Question # 47

What will always appear in the Selected Fields list?

A.

index

B.

action

C.

clientip

D.

sourcetype

Full Access
Question # 48

Which of the following is true about user account settings and preferences?

A.

Search & Reporting is the only app that can be set as the default application.

B.

Full names can only be changed by accounts with a Power User or Admin role.

C.

Time zones are automatically updated based on the setting of the computer accessing Splunk.

D.

Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

Full Access
Question # 49

When running searches command modifiers in the search string are displayed in what color?

A.

Red

B.

Blue

C.

Orange

D.

Highlighted

Full Access
Question # 50

Field names are case sensitive and field value are not.

A.

True

B.

False

Full Access
Question # 51

Search Assistant is enabled by default in the SPL editor with compact settings.

A.

No

B.

Yes

Full Access
Question # 52

In monitor option you can select the following options in GUI.

A.

Only HTTP Event Collector (HEC) and TCP/UDP

B.

None of the above

C.

Only TCP/UDP

D.

Only Scripts

E.

Filed & Directories, HTTP Event Collector (HEC), TCP/UDP and Scripts

Full Access
Question # 53

Which search would return events from the access_combined sourcetype?

A.

Sourcetype=access_combined

B.

Sourcetype=Access_Combined

C.

sourcetype=Access_Combined

D.

SOURCETYPE=access_combined

Full Access
Question # 54

What syntax is used to link key/value pairs in search strings?

A.

action+purchase

B.

action=purchase

C.

action | purchase

D.

action equal purchase

Full Access
Question # 55

What is the correct order of steps for creating a new lookup?

1. Configure the lookup to run automatically

2. Create the lookup table

3. Define the lookup

A.

2, 1, 3

B.

1, 2, 3

C.

2, 3, 1

D.

3, 2, 1

Full Access
Question # 56

Portal for Splunk apps can be accessed through www.splunkbase.com

A.

False

B.

True

Full Access
Question # 57

Splunk internal fields contains general information about events and starts from underscore i.e. _ .

A.

True

B.

False

Full Access
Question # 58

Where does Licensing meter happen?

A.

Indexer

B.

Parsing

C.

Heavy Forwarder

D.

Input

Full Access
Question # 59

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

A.

the_questionnaire _pedia

B.

the_questionnaire pedia

C.

the_questionnaire_pedia

D.

the_questionnaire Pedia

Full Access
Question # 60

Which statement describes field discovery at search time?

A.

Splunk automatically discovers only numeric fields

B.

Splunk automatically discovers only alphanumeric fields

C.

Splunk automatically discovers only manually configured fields

D.

Splunk automatically discovers only fields directly related to the search results

Full Access
Question # 61

What is the result of the following search?

index=myindex source=c: \mydata. txt NOT error=*

A.

Only data where the error field is present and does not contain a value will be displayed.

B.

Only data with a value in the field error will be displayed.

C.

Only data that does not contain the error field will be displayed.

D.

Only data where the value of the field error does not equal an asterisk (*) will be displayed.

Full Access
Question # 62

Which of the following statements are correct about Search & Reporting App? (Choose three.)

A.

Can be accessed by Apps > Search & Reporting.

B.

Provides default interface for searching and analyzing logs.

C.

Enables the user to create knowledge object, reports, alerts and dashboards.

D.

It only gives us search functionality.

Full Access
Question # 63

Select the correct option that applies to Index time processing (Choose three.).

A.

Indexing

B.

Searching

C.

Parsing

D.

Settings

E.

Input

Full Access
Question # 64

Beginning parentheses is automatically highlighted to guide you on the presence of complimenting

parentheses.

A.

No

B.

Yes

Full Access
Question # 65

Which command is used to review the contents of a specified static lookup file?

A.

lookup

B.

csvlookup

C.

inputlookup

D.

outputlookup

Full Access
Question # 66

What can be included in the All Fields option in the sidebar?

A.

Dashboards

B.

Metadata only

C.

Non-interesting fields

D.

Field descriptions

Full Access
Question # 67

What does the following specified time range do?

earliest=-72h@h latest=@d

A.

Look back 3 days ago and prior

B.

Look back 72 hours up to one day ago

C.

Look back 72 hours, up to the end of today

D.

Look back from 3 days ago up to the beginning of today

Full Access
Question # 68

What kind of logs can Splunk Index?

A.

Only A, B

B.

Router and Switch Logs

C.

Firewall and Web Server Logs

D.

Only C

E.

Database logs

F.

All firewall, web server, database, router and switch logs

Full Access
Question # 69

What determines the scope of data that appears in a scheduled report?

A.

All data accessible to the User role will appear in the report.

B.

All data accessible to the owner of the report will appear in the report.

C.

All data accessible to all users will appear in the report until the next time the report is run.

D.

The owner of the report can configure permissions so that the report uses either the User role or the owner’s profile at run time.

Full Access
Question # 70

The command shown here does witch of the following: Command: |outputlookup products.csv

A.

Writes search results to a file named products.csv

B.

Returns the contents of a file named products.csv

Full Access
Question # 71

Splunk indexes the data on the basis of timestamps.

A.

True

B.

False

Full Access
Question # 72

Which of the following constraints can be used with the top command?

A.

limit

B.

useperc

C.

addtotals

D.

fieldcount

Full Access
Question # 73

Which of the following is the most efficient filter for running searches in Splunk?

A.

Time

B.

Fast mode

C.

Sourcetype

D.

Selected Fields

Full Access