SPLK-1001 Exam - Splunk Core Certified User Exam

certleader.com


NEW QUESTION 1
Data sources being opened and read applies to:

  • A. None of the above
  • B. Indexing Phase
  • C. Parsing Phase
  • D. Input Phase
  • E. License Metering

Answer: D

NEW QUESTION 2
What is the main requirement for creating visualizations using the Splunk UI?

  • A. Your search must transform event data into Excel file format first.
  • B. Your search must transform event data into XML formatted data first.
  • C. Your search must transform event data into statistical data tables first.
  • D. Your search must transform event data into JSON formatted data first.

Answer: B

NEW QUESTION 3
After running a search, what effect does clicking and dragging across the timeline have?

  • A. Executes a new search.
  • B. Filters current search results.
  • C. Moves to past or future events.
  • D. Expands the time range of the search.

Answer: C

NEW QUESTION 4
A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

  • A. An app
  • B. JSON
  • C. A role
  • D. An enhanced solution

Answer: A

NEW QUESTION 5
The portal for Splunk apps can be accessed through www.splunkbase.com.

  • A. False
  • B. True

Answer: B

NEW QUESTION 6
Splunk Enterprise is used as a scalable service in Splunk Cloud.

  • A. True
  • B. False

Answer: A

NEW QUESTION 7
The Forward option gathers and forwards data to indexers over a receiving port from remote machines.

  • A. False
  • B. True

Answer: B

NEW QUESTION 8
What type of search can be saved as a report?

  • A. Any search can be saved as a report.
  • B. Only searches that generate visualizations.
  • C. Only searches containing a transforming command.
  • D. Only searches that generate statistics or visualizations.

Answer: A

NEW QUESTION 9
Which of the following is the most efficient filter for running searches in Splunk?

  • A. Time
  • B. Fast mode
  • C. Sourcetype
  • D. Selected Fields

Answer: C

NEW QUESTION 10
Which of the following is true about user account settings and preferences?

  • A. Search & Reporting is the only app that can be set as the default application.
  • B. Full names can only be changed by accounts with a Power User or Admin role.
  • C. Time zones are automatically updated based on the setting of the computer accessing Splunk.
  • D. Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

Answer: B

NEW QUESTION 11
Log filtering/parsing can be done from _____.

  • A. Index Forwarders (IF)
  • B. Universal Forwarders (UF)
  • C. Super Forwarder (SF)
  • D. Heavy Forwarders (HF)

Answer: D

NEW QUESTION 12
Three basic components of Splunk are (Choose three.):

  • A. Forwarders
  • B. Deployment Server
  • C. Indexer
  • D. Knowledge Objects
  • E. Index
  • F. Search Head

Answer: ACF

NEW QUESTION 13
When looking at a dashboard panel that is based on a report, which of the following is true?

  • A. You can modify the search string in the panel, and you can change and configure the visualization.
  • B. You can modify the search string in the panel, but you cannot change and configure the visualization.
  • C. You cannot modify the search string in the panel, but you can change and configure the visualization.
  • D. You cannot modify the search string in the panel, and you cannot change and configure the visualization.

Answer: C

NEW QUESTION 14
The Data Summary button just below the search bar gives you the following (Choose three.):

  • A. Hosts
  • B. Sourcetypes
  • C. Sources
  • D. Indexes

Answer: ABC

NEW QUESTION 15
What result will you get with the following search: index=test sourcetype="The_Questionnaire_P*" ?

  • A. the_questionnaire _pedia
  • B. the_questionnaire pedia
  • C. the_questionnaire_pedia
  • D. the_questionnaire Pedia

Answer: C

NEW QUESTION 16
What must be done in order to use a lookup table in Splunk?

  • A. The lookup must be configured to run automatically.
  • B. The contents of the lookup file must be copied and pasted into the search bar.
  • C. The lookup file must be uploaded to Splunk and a lookup definition must be created.
  • D. The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.

Answer: C

NEW QUESTION 17
What is a primary function of a scheduled report?

  • A. Auto-detect changes in performance.
  • B. Auto-generated PDF reports of overall data trends.
  • C. Regularly scheduled archiving to keep disk space use low.
  • D. Triggering an alert in your Splunk instance when certain conditions are met.

Answer: D

NEW QUESTION 18
What syntax is used to link key/value pairs in search strings?

  • A. action+purchase
  • B. action=purchase
  • C. action | purchase
  • D. action equal purchase

Answer: B

NEW QUESTION 19
Keywords are highlighted when you mouse over search results and you can click this search result to (Choose three.):

  • A. Open new search.
  • B. Exclude the item from search.
  • C. None of the above.
  • D. Add the item to search.

Answer: ABD

NEW QUESTION 20
All components are installed and administered in Splunk Enterprise on-premise.

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
B. False

NEW QUESTION 21
What can be configured using the Edit Job Settings menu?

  • A. Export the result to CSV format.
  • B. Add the Job results to a dashboard.
  • C. Schedule the Job to re-run in 10 minutes.
  • D. Change Job Lifetime from 10 minutes to 7 days.

Answer: B

NEW QUESTION 22
Which is the primary function of the timeline located under the search bar?

  • A. To differentiate between structured and unstructured events in the data.
  • B. To sort the events returned by the search command in chronological order.
  • C. To zoom in and zoom out, although this does not change the scale of the chart.
  • D. To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.

Answer: D

NEW QUESTION 23
You are able to create a new index in Data Input settings.

  • A. No
  • B. Yes

Answer: B

NEW QUESTION 24
What is the primary use for the rare command?

  • A. To sort field values in descending order.
  • B. To return only fields containing five or fewer values.
  • C. To find the least common values of a field in a dataset.
  • D. To find the fields with the fewest number of values across a dataset.

Answer: C
