Splunk Core Certified User Test! Trivia Questions Quiz
.
- 1.Which command is used to review the contents of a specified static lookup file?
- A.
Lookup
- B.
Csvlookup
- C.
Inputlookup
- D.
Outputlookup
- 2.Which time range picker configuration would return real-time events for the past 30 seconds?
- A.
Preset - Relative: 30-seconds ago
- B.
Relative - Earliest: 30-seconds ago, Latest: Now
- C.
Real-time - Earliest: 30-seconds ago, Latest: Now
- D.
Advanced - Earliest: 30-seconds ago, Latest: Now
- 3.What is one benefit of creating dashboard panels from reports?
- A.
Any newly created dashboard will include that report.
- B.
B. There are no benefits to creating dashboard panels from reports.
- C.
C. It makes the dashboard more efficient because it only has to run one search string.
- D.
D. Any change to the underlying report will affect every dashboard that utilizes that report.
- 4.Which of the following statements about case sensitivity is true?
- A.
Both field names and field values ARE case sensitive.
- B.
Field names ARE case sensitive; field values are NOT.
- C.
Field values ARE case sensitive; field names ARE NOT.
- D.
Both field names and field values ARE NOT case sensitive.
- 5.What does the rare command do?
- A.
Returns the least common field values of a given field in the results.
- B.
Returns the most common field values of a given field in the results.
- C.
Returns the top 10 field values of a given field in the results.
- D.
Returns the lowest 10 field values of a given field in the results.
- 6.Which Boolean operator is always implied between two search terms, unless otherwise specified?
- A.
Or
- B.
Not
- C.
And
- D.
Xor
- 7.What does the values function of the stats command do?
- A.
Lists all values of a given field.
- B.
Lists unique values of a given field.
- C.
Returns a count of unique values for a given field.
- D.
Returns the number of events that match the search.
- 8.A field exists in search results, but isn't being displayed in the fields sidebar. How can it be added to the fields sidebar?
- A.
Click All Fields and select the field to add it to Selected Fields.
- B.
Click Interesting Fields and select the field to add it to Selected Fields.
- C.
Click Selected Fields and select the field to add it to Interesting Fields. This scenario isn't possible because all fields returned from a search always appear in the fields sidebar.
- D.
This scenario isn't possible because all fields returned from a search always appear in the fields sidebar.
- 9.In the fields sidebar, which character denotes alphanumeric field values?
- A.
#
- B.
%
- C.
A
- D.
A#
- 10.Which of the following is the most efficient filter for running searches in Splunk?
- A.
Time
- B.
Fast mode
- C.
Sourcetype
- D.
Selected fields
- 11.What is the correct syntax to count the number of events containing a vendor_action field?=
- A.
Count stats vendor_action
- B.
Count stats (vendor_action)
- C.
Stats count (vendor_action)
- D.
Stats vendor_action (count)
- 12.By default, which of the following fields would be listed in the fields sidebar under interesting Fields?
- A.
Host
- B.
Index
- C.
Source
- D.
Sourcetype
- 13.When looking at a dashboard panel that is based on a report, which of the following is true?
- A.
You can modify the search string in the panel, and you can change and configure the visualization.
- B.
You can modify the search string in the panel, but you cannot change and configure the visualization.
- C.
You cannot modify the search string in the panel, but you can change and configure the visualization.
- D.
You cannot modify the search string in the panel, and you cannot change and configure the visualization.
- 14.When looking at a dashboard panel that is based on a report, which of the following is true?
- A.
You can modify the search string in the panel, and you can change and configure the visualization.
- B.
You can modify the search string in the panel, but you cannot change and configure the visualization.
- C.
You cannot modify the search string in the panel, but you can change and configure the visualization.
- D.
You cannot modify the search string in the panel, and you cannot change and configure the visualization.
- 15.Which of the following is a best practice when writing a search string?
- A.
Include all formatting commands before any search terms
- B.
Include at least one function as this is a search requirement
- C.
Include the search terms at the beginning of the search string
- D.
Avoid using formatting clauses as they add too much overhead
- 16.What type of search can be saved as a report?
- A.
Any search can be saved as a report
- B.
Only searches that generate visualizations
- C.
Only searches containing a transforming command
- D.
Only searches that generate statistics or visualizations
- 17.What can be included in the All Fields option in the sidebar?
- A.
Dashboards
- B.
Metadata only
- C.
Non-interesting fields
- D.
Field descriptions
- 18.
- What syntax is used to link key/value pairs in search strings?
- A.
Action+purchase
- B.
Action=purchase
- C.
Action | purchase
- D.
Action equal purchase
- 19.When viewing the results of a search, what is an Interesting Field?
- A.
A field that appears in any event
- B.
A field that appears in every event
- C.
A field that appears in the top 10 events
- D.
A field that appears in at least 20% of the events
- 20.What syntax is used to link key/value pairs in search strings?
- A.
Parentheses
- B.
@ or # symbols
- C.
Quotation marks
- D.
Relational operators such as =, <, or >
- 21.When a Splunk search generates calculated data that appears in the Statistics tab. in what formats can the results be exported?
- A.
CSV, JSON, PDF
- B.
CSV, XML JSON
- C.
Raw Events, XML, JSON
- D.
Raw Events, CSV, XML, JSON
- 22.Which of the following are functions of the stats command?
- A.
Count, sum, add
- B.
Count, sum, less
- C.
Sum, avg, values
- D.
Sum, values, table
- 23.In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?
- A.
No events will be returned.
- B.
Splunk will prompt you to specify an index.
- C.
All non-indexed events to which the user has access will be returned.
- D.
Events from every index searched by default to which the user has access will be returned.
- 24.Which search matches the events containing the terms "error" and "fail"?
- A.
Index=security Error Fail
- B.
Index=security error OR fail
- C.
Index=security "error failure"
- D.
Index=security NOT error NOT fail
- 25.Which of the following is an option after clicking an item in search results?
- A.
Saving the item to a report
- B.
Adding the item to the search.
- C.
Adding the item to a dashboard
- D.
Saving the search to a JSON file.
Questions: 59 | Attempts: 21819 | Last updated: Mar 22, 2022
-
Sample QuestionA person who is capable of demonstrating the mental competence and physical ability to leave a building without the assistance of any other person or without the use of any mechanical aid in case of emergency.
Questions: 25 | Attempts: 18509 | Last updated: May 11, 2022
-
Sample QuestionThe key factors that include in professionalism are Attitude Working as a team
Questions: 28 | Attempts: 9950 | Last updated: Mar 22, 2022
-
Sample QuestionWhat is the maximum height that an elevated structure for children 5-12 can be without having barriers?
- Aca Quizzes
- Acca Quizzes
- Ace Quizzes
- Aipg Quizzes
- Bcba Quizzes
- Ccp Quizzes
- Cdc Quizzes
- Cdcs Quizzes
- Ceh Quizzes
- Cfa Quizzes
- Cisa Quizzes
- Cisco Quizzes
- Cissp Quizzes
- CompTIA Quizzes
- Cpa Quizzes
- Cpat Quizzes
- Cpfa Quizzes
- Cpp Quizzes
- Cps Quizzes
- Cpt Quizzes
- Csa Quizzes
- Cset Quizzes
- Cst Quizzes
- Cswip Quizzes
- Ftce Quizzes
- Hipaa Quizzes
- Iahcsmm Quizzes
- Istqb Quizzes
- Leed Ga Quizzes
- MBLEx Quizzes
- Ncidq Quizzes
- Pmp Quizzes
- Praxis Quizzes
- Ptcb Quizzes
- Six Sigma Quizzes
- Teas Quizzes