Splunk splk-1001 practice test

Splunk Core Certified User Exam


Question 1

Which Field/Value pair will return only events found in the index named security?

  • C. Index=security
  • D. index!=Security
Answer:

B

Explanation:
Reference:
https://answers.splunk.com/answers/712164/why-are-the-wineventlogssecurity-indexing-indiffe.html

Question 2

Which statement describes field discovery at search time?

  • A. Splunk automatically discovers only numeric fields
  • B. Splunk automatically discovers only alphanumeric fields
  • C. Splunk automatically discovers only manually configured fields
  • D. Splunk automatically discovers only fields directly related to the search results
Answer:

D

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.2/Search/Changethesearchmode

Question 3

What are the three main Splunk components?

  • A. Search head, GPU, streamer
  • B. Search head, indexer, forwarder
  • C. Search head, SQL database, forwarder
  • D. Search head, SSD, heavy weight agent
Answer:

B

Explanation:
Reference:
https://www.edureka.co/blog/splunk-architecture/

Question 4

When is an alert triggered?

  • A. When Splunk encounters a syntax error in a search
  • B. When a trigger action meets the predefined conditions
  • C. When an event in a search matches up with a data model
  • D. When results of a search meet a specifically defined condition
Answer:

D

Explanation:
Reference:
https://books.google.com.pk/books?id=sNwkBQAAQBAJ&pg=PT525&lpg=PT525&dq=splunk+alert+triggered+When+results+of+a+search+meet+a+specifically+defined+condition&source=bl&ots=avtEx5luxo&sig=ACfU3U1ZVob_j9nU243Te2vhqwxI3YvJuA&hl=en&sa=X&ved=2ahUKEwjm48rmkfXoAhUlMewKHb_FAbkQ6AEwB3oECBYQJg

Question 5

Which search will return the 15 least common field values for the dest_ip field?

  • A. sourcetype=firewall | rare num=15 dest_ip
  • B. sourcetype=firewall | rare last=15 dest_ip
  • C. sourcetype=firewall | rare count=15 dest_ip
  • D. sourcetype=firewall | rare limit=15 dest_ip
Answer:

C

Explanation:
Reference:
https://answers.splunk.com/answers/41928/add-a-lookup-csv-colum-information-to-the-results-ofa-inputlookup-search.html

Question 6

What is the default lifetime of every Splunk search job?

  • A. All search jobs are saved for 10 days
  • B. All search jobs are saved for 10 hours
  • C. All search jobs are saved for 10 weeks
  • D. All search jobs are saved for 10 minutes
Answer:

D

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/Extendjoblifetimes

Question 7

In the Fields sidebar, what does the number directly to the right of the field name indicate?

  • A. The value of the field
  • B. The number of values for the field
  • C. The number of unique values for the field
  • D. The numeric non-unique values of the field
Answer:

C

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchTutorial/Usefieldstosearch

Question 8

How can results from a specified static lookup file be displayed?

  • A. lookup command
  • B. inputlookup command
  • C. Settings > Lookups > Input
  • D. Settings > Lookups > Upload
Answer:

B

Question 9

When is the pipe character, |, used in search strings?

  • A. Before clauses. For example: stats sum(bytes) | by host
  • B. Before commands. For example: | stats sum(bytes) by host
  • C. Before arguments. For example: stats sum| (bytes) by host
  • D. Before functions. For example: stats |sum(bytes) by host
Answer:

B

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/Aboutsearchlanguagesyntax#Quotes_and_escaping_characters

Question 10

Which of the following is the best way to create a report that shows the last 24 hours of events?

  • A. Use [email protected] [email protected]
  • B. Set a real-time search over a 24-hour window
  • C. Use the time range picker to select “Yesterday”
  • D. Use the time range picker to select “Last 24 hours”
Answer:

D
