Notes: Hi all, Splunk Core Certified User SPLK-1001 Practice Exam Part 2 will familiarize you with the types of questions you may encounter on the certification exam and help you determine whether you are ready or need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics. We highly recommend that you take the Splunk Core Certified User SPLK-1001 Actual Exam, because it includes real questions, and highlighted answers are collected in our exam. It will help you pass the exam more easily.
16. Which of the following are common constraints of the top command?
A. limit, count
B. limit, showpercent
C. limits, countfield
D. showperc, countfield
17. When displaying results of a search, which of the following is true about line charts?
A. Line charts are optimal for single and multiple series.
B. Line charts are optimal for single series when using Fast mode.
C. Line charts are optimal for multiple series with 3 or more columns.
D. Line charts are optimal for multiseries searches with at least 2 or more columns.
18. How are events displayed after a search is executed?
A. In chronological order.
B. Randomly by default.
C. In reverse chronological order.
D. Alphabetically according to field name.
19. Which of the following is true about user account settings and preferences?
A. Search & Reporting is the only app that can be set as the default application.
B. Full names can only be changed by accounts with a Power User or Admin role.
C. Time zones are automatically updated based on the setting of the computer accessing Splunk.
D. Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.
20. What is a primary function of a scheduled report?
A. Auto-detect changes in performance.
B. Auto-generated PDF reports of overall data trends.
C. Regularly scheduled archiving to keep disk space use low.
D. Triggering an alert in your Splunk instance when certain conditions are met.
21. After running a search, what effect does clicking and dragging across the timeline have?
A. Executes a new search.
B. Filters current search results.
C. Moves to past or future events.
D. Expands the time range of the search.
22. Which command is used to review the contents of a specified static lookup file?
A. lookup
B. csvlookup
C. inputlookup
D. outputlookup
23. What must be done in order to use a lookup table in Splunk?
A. The lookup must be configured to run automatically.
B. The contents of the lookup file must be copied and pasted into the search bar.
C. The lookup file must be uploaded to Splunk and a lookup definition must be created.
D. The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.
24. When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
A. |
B. $
C. !
D. ,
25. Which time range picker configuration would return real-time events for the past 30 seconds?
A. Preset – Relative: 30-seconds ago
B. Relative – Earliest: 30-seconds ago, Latest: Now
C. Real-time – Earliest: 30-seconds ago, Latest: Now
D. Advanced – Earliest: 30-seconds ago, Latest: Now
26. What is the correct syntax to count the number of events containing a vendor_action field?
A. count stats vendor_action
B. count stats (vendor_action)
C. stats count (vendor_action)
D. stats vendor_action (count)
27. What is one benefit of creating dashboard panels from reports?
A. Any newly created dashboard will include that report.
B. There are no benefits to creating dashboard panels from reports.
C. It makes the dashboard more efficient because it only has to run one search string.
D. Any change to the underlying report will affect every dashboard that utilizes that report.
28. By default, which of the following fields would be listed in the fields sidebar under Interesting Fields?
A. host
B. index
C. source
D. sourcetype
29. Which of the following statements about case sensitivity is true?
A. Both field names and field values ARE case sensitive.
B. Field names ARE case sensitive; field values are NOT.
C. Field values ARE case sensitive; field names ARE NOT.
D. Both field names and field values ARE NOT case sensitive.
30. What does the rare command do?
A. Returns the least common field values of a given field in the results.
B. Returns the most common field values of a given field in the results.
C. Returns the top 10 field values of a given field in the results.
D. Returns the lowest 10 field values of a given field in the results.