Splunk splk-2001 practice test
Splunk Certified Developer
Last exam update: Dec 01 ,2025
Page 1 out of 5. Viewing questions 1-15 out of 70
Question 1
Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
A.
<option name “link.openSearch.viewTarget">$row.link$</option>
B.
<drilldown> <link target=“ blank">$$row.link$$</link> </drilldown>
C.
<drilldown> <link target="_blank">$row.link|n$</link> </drilldown>
D.
<drilldown> <link target “_blank">http://localhost:8000/debug/refresh</link> </drilldown>
Show Answer
Answer:
A
Reference:
Question 2
When updating a knowledge object via REST, which of the following are valid values for the sharing
A.
App
B.
User
C.
Global
D.
Nobody
Show Answer
Answer:
A
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing
Question 3
Which of the following are ways to get a list of search jobs? (Select all that apply.)
A.
Access Activity > Jobs with Splunk Web.
B.
Use Splunk REST to query the /services/search/jobs endpoint.
C.
Use Splunk REST to query the /services/saved/searches endpoint.
D.
Use Splunk REST to query the /services/search/sid/results endpoint.
Show Answer
Answer:
AB
Reference:
Question 4
Which of the following are benefits from using Simple XML Extensions? (Select all that apply.)
A.
Add custom layouts.
B.
Add custom graphics.
C.
Add custom behaviors.
D.
Limit Splunk license consumption based on host.
Show Answer
Answer:
AC
Reference: https://dev.splunk.com/enterprise/docs/developapps/visualizedata/usewebframework/
Question 5
How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that
A.
No need to do anything, it is turned on by default.
B.
When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1.
C.
When a new HEC token is created in Splunk Web, select the checkbox labeled “Enable indexer acknowledgement”.
D.
When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled “Enable indexer acknowledgement”.
Show Answer
Answer:
CD
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/UsetheHTTPEventCollector
Question 6
After updating a dashboard in myApp, a Splunk admin moves myApp to a different Splunk instance.
A.
The dashboard’s permissions were set to private.
B.
User role permissions are different on the new instance.
C.
The admin deleted the myApp/local directory before packaging.
D.
Changes were placed in: $SPLUNK_HOME/etc/apps/search/default/data/ui/nav
Show Answer
Answer:
AB
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/DashboardPermissions
Question 7
Which of the following statements define a namespace?
A.
The namespace is a combination of the user and the app.
B.
The namespace is a combination of the user, the app, and the role.
C.
The namespace is a combination of the user, the app, the role, and the sharing level.
D.
The namespace is a combination of the user, the app, the role, the sharing level, and the permissions.
Show Answer
Question 8
Which of the following are characteristics of an add-on? (Select all that apply.)
A.
Requires navigation file.
B.
Occupies a unique namespace within Splunk.
C.
Can depend on add-ons for correct operation.
D.
Contains technology or components not intended for reuse by other apps.
Show Answer
Question 9
Which of the following statements describe oneshot searches? (Select all that apply.)
A.
Are always executed asynchronously.
B.
Can specify csv as an output format.
C.
Stream all results upon search completion.
D.
Can use auto_cancel to set a timeout limit.
Show Answer
Answer:
BC
Reference:
Question 10
Which of the following options would be the best way to identify processor bottlenecks of a search?
A.
Using the REST API.
B.
Using the search job inspector.
C.
Using the Splunk Monitoring Console.
D.
Searching the Splunk logs using index=“ internal”.
Show Answer
Question 11
Which of the following is true of a namespace?
A.
The namespace is a type of token filter.
B.
The namespace includes an app attribute which cannot be a wildcard.
C.
The namespace filters the knowledge objects returned by the REST API.
D.
The namespace does not filter knowledge objects returned by the REST API.
Show Answer
Question 12
What must be done when calling the serviceNS endpoint?
A.
Authenticate with an admin user.
B.
Specify the user and app context in the URI.
C.
Authenticate with the user of the required context.
D.
Pass the user and app context in the request payload.
Show Answer
Answer:
B
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing
Question 13
Assuming permissions are set appropriately, which REST endpoint path can be used by someone with
A.
/servicesNS/-/data/saved/searches/mySearch
B.
/servicesNS/object/saved/searches/mySearch
C.
/servicesNS/search/saved/searches/mySearch
D.
/servicesNS/-/search/saved/searches/mySearch
Show Answer
Answer:
D
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing
Question 14
Using Splunk Web to modify config settings for a shared object, a revised config file with those
A.
$SPLUNK_HOME/etc/apps/myApp/local
B.
$SPLUNK_HOME/etc/system/default/
C.
$SPLUNK_HOME/etc/system/local
D.
$SPLUNK_HOME/etc/apps/myApp/default
Show Answer
Answer:
A
Reference:
Question 15
What application security best practices should be adhered to while developing an app for Splunk?
A.
Review the OWASP Top Ten List.
B.
Store passwords in clear text in .conf files.
C.
Review the OWASP Secure Coding Practices Quick Reference Guide.
D.
Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.
Show Answer
Answer:
AC
Reference: https://dev.splunk.com/enterprise/docs/developapps/testvalidate/securitybestpractices/