Splunk SPLK-1001 Exam Practice Test Instant Access

Question 1

What are the three main Splunk components?

ASearch head, GPU, streamer

BSearch head, indexer, forwarder

CSearch head, SQL database, forwarder

DSearch head, SSD, heavy weight agent

Answer : B

Explanation/Reference:

Question 2

Which of the following is a correct way to limit search results to display the 5 most common values of a field?

A| rare top=5

B| top rare=5

C| top limit=5

D| rare limit=5

Answer : C

Question 3

Which of the following is the most efficient search?

Aindex=* ''failed password''

B''failed password'' index=*

C(index=* OR index=security) ''failed password''

Dindex=security ''failed password''

Answer : A

Question 4

Which command will rename action to Customer Action?

A| rename action = CustomerAction

B| rename Action as ''Customer Action''

C| rename Action to ''Customer Action''

D| rename action as ''Customer Action''

Answer : D

Explanation/Reference: Reference: https://answers.splunk.com/answers/610038/understanding-command-in-search.html

Question 5

Which of the following is a Splunk internal field?

A_raw

Bhost

C_host

Dindex

Answer : A

Question 6

What is the correct way to use a time range specifier in the search bar so that the search looks back 2 hours?

Alatest=-2h

Bearliest=-2h

Clatest=-2hour@d

Dearliest=-2hour@d

Answer : B

Explanation/Reference: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/Specifytimemodifiersinyoursearch

Question 7

What will always appear in the Selected Fields list?

Aindex

Baction

Cclientip

Dsourcetype

Answer : D

Splunk SPLK-1001 Splunk Core Certified User Exam Practice Test