
SPLK-1002 V12.75 1644379129

IT Certification Guaranteed, The Easy Way!
Exam: SPLK-1002
Title: Splunk Core Certified Power User Exam
Vendor: Splunk
Version: V12.75
QUESTION NO: 1
Which one of the following statements about the search command is true?
A. It does not allow the use of wildcards.
B. It treats field values in a case-sensitive manner.
C. It can only be used at the beginning of the search pipeline.
D. It behaves exactly like search strings before the first pipe.
Answer: C
QUESTION NO: 2
It is mandatory for the lookup file to have this for an automatic lookup to work.
A. Source type
B. At least five columns
C. Timestamp
D. Input field
Answer: D
QUESTION NO: 3
What does the following search do?
index=corndog type=mysterymeat action=eaten | stats count as corndog_count by user
A. Creates a table of the total count of users and split by corndogs.
B. Creates a table of the total count of mysterymeat corndogs split by user.
C. Creates a table with the count of all types of corndogs eaten split by user.
D. Creates a table that groups the total number of users by vegetarian corndogs.
Answer: A
QUESTION NO: 4
These kinds of charts represent a series in a single bar with multiple sections
A. Multi-Series
B. Split-Series
C. Omit nulls
D. Stacked
Answer: B
QUESTION NO: 5
If a search returns ____________ it can be viewed as a chart.
A. timestamps
B. statistics
C. events
D. keywords
Answer: B
QUESTION NO: 6
Which of the following statements about tags is true?
A. Tags are case insensitive.
B. Tags are created at index time.
C. Tags can make your data more understandable.
D. Tags are searched by using the syntax tag::<fieldname>
Answer: C
QUESTION NO: 7
This role is required to install the CIM Add-on.
Select your answer.
A. ADMIN
B. POWER
C. USER
Answer: A
QUESTION NO: 8
Which of the following eval command functions is valid?
A. Int ()
B. Count ( )
C. Print ()
D. Tostring ()
Answer: D
QUESTION NO: 9
Field aliases are used to __________ data
A. clean
B. transform
C. calculate
D. normalize
Answer: D
QUESTION NO: 10
Which of the following is the correct way to use the data model command to search field in
the data model within the web dataset?
A. | datamodel web search | field web*
B. | search datamodel web web | field web*
C. | datamodel web web field | search web*
D. datamodel=web | search web | field web*
Answer: A
QUESTION NO: 11
When extracting fields, we may choose to use our own regular expressions
A. True
B. False
Answer: A
QUESTION NO: 12
Which of the following statements describes field aliases?
A. Field alias names replace the original field name.
B. Field aliases can be used in lookup file definitions.
C. Field aliases only normalize data across sources and sourcetypes.
D. Field alias names are not case sensitive when used as part of a search.
Answer: A
QUESTION NO: 13
Alert throttling is used to _______.
A. verify each alert
B. stagger search request in a time sequenced order
C. stop spamming yourself with alerts
D. check severity
Answer: C
QUESTION NO: 14
This is what Splunk uses to categorize the data that is being indexed.
A. sourcetype
B. index
C. source
D. host
Answer: A
QUESTION NO: 15
Which of the following knowledge objects represents the output of an eval expression?
A. Eval fields
B. Calculated fields
C. Field extractions
D. Calculated lookups
Answer: C
QUESTION NO: 16
Which of the following actions can the eval command perform?
A. Remove fields from results.
B. Create or replace an existing field.
C. Group transactions by one or more fields.
D. Save SPL commands to be reused in other searches.
Answer: B
QUESTION NO: 17
Which of the following statements describe data model acceleration? (select all that apply)
A. Root events cannot be accelerated.
B. Accelerated data models cannot be edited.
C. Private data models cannot be accelerated.
D. You must have administrative permissions or the accelerate_datamodel capability to
accelerate a data model.
Answer: B C
QUESTION NO: 18
What is the relationship between data models and pivots?
A. Data models provide the datasets for pivots.
B. Pivots and data models have no relationship.
C. Pivots and data models are the same thing.
D. Pivots provide the datasets for data models.
Answer: D
QUESTION NO: 19
This function of the stats command allows you to return the middle-most value of field X.
A. Median(X)
B. Eval by X
C. Fields(X)
D. Values(X)
Answer: A
QUESTION NO: 20
Which of the following commands are used when creating visualizations? (select all that apply)
A. Geom
B. Choropleth
C. Geostats
D. iplocation
Answer: A C D
QUESTION NO: 21
This function of the stats command allows you to identify the number of values a field has.
A. max
B. distinct_count
C. fields
D. count
Answer: D
QUESTION NO: 22
Which of these search strings is NOT valid:
A. index=web status=50* | chart count over host, status
B. index=web status=50* | chart count over host by status
C. index=web status=50* | chart count by host, status
Answer: B
QUESTION NO: 23
A report scheduled to run every 15 mins. but takes 17 mins. to complete is in danger of
being_____.
A. skipped or deferred
B. automatically accelerated
C. deleted
D. all of the above
Answer: A
QUESTION NO: 24
What does the transaction command do?
A. Groups a set of transactions based on time.
B. Creates a single event from a group of events.
C. Separates two events based on one or more values.
D. Returns the number of credit card transactions found in the event logs.
Answer: B
QUESTION NO: 25
Which of the following is NOT a stats function:
A. sum
B. addtotals
C. count
D. avg
Answer: B
QUESTION NO: 26
Data models are composed of one or more of which of the following datasets? (select all that
apply)
A. Events datasets
B. Search datasets
C. Transaction datasets
D. Any child of event, transaction, and search datasets
Answer: A B C
QUESTION NO: 27
Which delimiters can the Field Extractor (FX) detect? (select all that apply)
A. Tabs
B. Pipes
C. Spaces
D. Commas
Answer: A B C
QUESTION NO: 28
We can use the rename command to _____ (Select all that apply.)
A. Change indexed fields
B. Exclude fields from our search results
C. Extract new fields from our data using regular expressions
D. Give a field a new name at search time
Answer: D
QUESTION NO: 29
In what order are the following knowledge objects/configurations applied?
A. Field Aliases, Field Extractions, Lookups
B. Field Extractions, Field Aliases, Lookups
C. Field Extractions, Lookups, Field Aliases
D. Lookups, Field Aliases, Field Extractions
Answer: C
QUESTION NO: 30
Which is not a comparison operator in Splunk?
A. <=
B. =
C. !=
D. >
E. ?=
Answer: E
QUESTION NO: 31
Which of the following can be used with the eval command tostring function (select all that
apply)
A. "hex"
B. "commas"
C. "Decimal"
D. "duration"
Answer: A B D
QUESTION NO: 32
Which command is used to create choropleth maps?
A. geostats
B. cluster
C. geom
Answer: C
QUESTION NO: 33
A calculated field may be based on which of the following?
A. Lookup tables
B. Extracted fields
C. Regular expressions
D. Fields generated within a search string
Answer: B
QUESTION NO: 34
What do events in a transaction have in common?
A. All events in a transaction must have the same timestamp.
B. All events in a transaction must have the same sourcetype.
C. All events in a transaction must have the exact same set of fields.
D. All events in a transaction must be related by one or more fields.
Answer: B
QUESTION NO: 35
What are the two parts of a root event dataset?
A. Fields and variables.
B. Fields and attributes.
C. Constraints and fields.
D. Constraints and lookups.
Answer: C
QUESTION NO: 36
In which of the following scenarios is an event type more effective than a saved search?
A. When a search should always include the same time range.
B. When a search needs to be added to other users' dashboards.
C. When the search string needs to be used in future searches.
D. When formatting needs to be included with the search string.
Answer: D
QUESTION NO: 37
A space is an implied _____ in a search string.
A. OR
B. AND
C. ()
D. NOT
Answer: B
QUESTION NO: 38
Which of the following statements describes macros?
A. A macro is a reusable search string that must contain the full search.
B. A macro is a reusable search string that must have a fixed time range.
C. A macro is a reusable search string that may have a flexible time range.
D. A macro is a reusable search string that must contain only a portion of the search.
Answer: C
QUESTION NO: 39
By default search results are not returned in ________ order.
A. Chronological
B. Reverse chronological
C. ASCII
D. Alphabetical
Answer: A D
QUESTION NO: 40
These allow you to categorize events based on search terms.
Select your answer.
A. Groups
B. Event Types
C. Macros
D. Tags
Answer: B
QUESTION NO: 41
The eval command 'if' function requires the following three arguments (in order):
A. Boolean expression, result if true, result if false
B. Result if true, result if false, boolean expression
C. Result if false, result if true, boolean expression
D. Boolean expression, result if false, result if true
Answer: A
QUESTION NO: 42
What functionality does the Splunk Common Information Model (CIM) rely on to normalize
fields with different names?
A. Macros.
B. Field aliases.
C. The rename command.
D. CIM does not work with different names for the same field.
Answer: B
QUESTION NO: 43
How does a user display a chart in stack mode?
A. By using the stack command.
B. By turning on the Use Trellis Layout option.
C. By changing Stack Mode in the Format menu.
D. You cannot display a chart in stack mode, only a timechart.
Answer: C
QUESTION NO: 44
Which of the following Statements about macros is true? (select all that apply)
A. Arguments are defined at execution time.
B. Arguments are defined when the macro is created.
C. Argument values are used to resolve the search string at execution time.
D. Argument values are used to resolve the search string when the macro is created.
Answer: A C
QUESTION NO: 45
What does the fillnull command replace null values with, if the value argument is not
specified?
A. 0
B. N/A
C. NaN
D. NULL
Answer: A
QUESTION NO: 46
__________ datasets can be added to a root dataset to narrow down the search.
A. parent
B. extracted
C. event
D. child
Answer: D
QUESTION NO: 47
Which of the following file formats can be extracted using a delimiter field extraction?
A. CSV
B. PDF
C. XML
D. JSON
Answer: A
QUESTION NO: 48
When you mouse over and click to add a search term, this (these) Boolean operator(s) is (are)
not implied.
(Select all that apply.)
A. OR
B. ( )
C. AND
D. NOT
Answer: B
QUESTION NO: 49
When multiple event types with different color values are assigned to the same event, what
determines the color displayed for the events?
A. Rank
B. Weight
C. Priority
D. Precedence
Answer: C
QUESTION NO: 50
Which of the following search controls will not re-run the search? (Select all that apply.)
A. zoom out
B. selecting a bar on the timeline
C. deselect
D. selecting a range of bars on the timelines
Answer: B C D
QUESTION NO: 51
Which of the following describes the Splunk Common Information Model (CIM) add-on?
A. The CIM add-on uses machine learning to normalize data.
B. The CIM add-on contains dashboards that show how to map data.
C. The CIM add-on contains data models to help you normalize data.
D. The CIM add-on is automatically installed in a Splunk environment.
Answer: C
QUESTION NO: 52
Based on the macro definition shown below, what is the correct way to execute the macro in
search string?
A. Convert_sales (euro, €, 79)"
B. Convert_sales (euro, €, .79)
C. Convert_sales ($euro,$€$,s79$
D. Convert_sales ($euro, $€$,S,79$)
Answer: B
QUESTION NO: 53
When using timechart, how many fields can be listed after a by clause?
A. because timechart doesn't support using a by clause.
B. because _time is already implied as the x-axis.
C. because one field would represent the x-axis and the other would represent the y-axis.
D. There is no limit specific to timechart.
Answer: B
QUESTION NO: 54
A user wants to convert field values to strings and also to sort on those values. Which
command should be used first, the eval or the sort?
A. It doesn't matter whether eval or sort is used first.
B. Convert the numeric to a string with eval first, then sort.
C. Use sort first, then convert the numeric to a string with eval.
D. You cannot use the sort command and the eval command on the same field.
Answer: B
QUESTION NO: 55
Which of the following statements describes this search?
sourcetype=access_combined | transaction JSESSIONID | timechart avg(duration)
A. This is a valid search and will display a timechart of the average duration, of each
transaction event.
B. This is a valid search and will display a stats table showing the maximum pause among
transactions.
C. No results will be returned because the transaction command must include the startswith
and endswith options.
D. No results will be returned because the transaction command must be the last command
used in the search pipeline.
Answer: A
QUESTION NO: 56
Clicking a SEGMENT on a chart, ________.
A. drills down for that value
B. highlights the field value across the chart
C. adds the highlighted value to the search criteria
Answer: C
QUESTION NO: 57
A real-time alert is ______________.
A. A scheduled alert
B. constantly running in the background
Answer: B
QUESTION NO: 58
Complete the search, .... | _____ failure>successes
A. Search
B. Where
C. If
D. Any of the above
Answer: B
QUESTION NO: 59
Which of the following statements describe GET workflow actions?
A. GET workflow actions must be configured with POST arguments.
B. Configuration of GET workflow actions includes choosing a sourcetype.
C. Label names for GET workflow actions must include a field name surrounded by dollar
signs.
D. GET workflow actions can be configured to open the URI link in the current window or in
a new window.
Answer: D
QUESTION NO: 60
Which function should you use with the transaction command to set the maximum total time
between the earliest and latest events returned?
A. maxpause
B. endswith
C. maxduration
D. maxspan
Answer: D
QUESTION NO: 61
Using the export function, you can export search results as __________. (Select all that apply.)
A. Xml
B. Json
C. Html
D. A php file
Answer: A B
QUESTION NO: 62
The limit attribute will___________.
A. override default of 10
B. only work with top command
C. override default of 20
D. override default of 15
Answer: A
QUESTION NO: 63
What will you learn from the results of the following search? sourcetype=cisco_esa |
transaction mid, dcid, icid | timechart avg(duration)
A. The average time elapsed during each transaction for all transactions
B. The average time for each event within each transaction
C. The average time between each transaction
Answer: A
QUESTION NO: 64
Which of the following statements describes Search workflow actions?
A. By default, Search workflow actions will run as a real-time search.
B. Search workflow actions can be configured as scheduled searches.
C. The user can define the time range of the search when creating the workflow action.
D. Search workflow actions cannot be configured with a search string that includes the
transaction command.
Answer: C
QUESTION NO: 65
Selected fields are displayed ______each event in the search results.
A. below
B. interesting fields
C. other fields
D. above
Answer: A
QUESTION NO: 66
Which of the following searches will show the number of categoryId used by each host?
A. sourcetype=access_* | sum bytes by host
B. sourcetype=access_* | stats sum(categoryId) by host
C. sourcetype=access_* | sum(bytes) by host
D. sourcetype=access_* | stats sum by host
Answer: B
QUESTION NO: 67
Which group of users would most likely use pivots?
A. Users
B. Architects
C. Administrators
D. Knowledge Managers
Answer: D
QUESTION NO: 68
Which of the following statements describe calculated fields? (select all that apply)
A. Calculated fields can be used in the search bar.
B. Calculated fields can be based on an extracted field.
C. Calculated fields can only be applied to host and sourcetype.
D. Calculated fields are shortcuts for performing calculations using the eval command.
Answer: B D
QUESTION NO: 69
Which of the following are required to create a POST workflow action?
A. Label, URI, search string.
B. XML attributes, URI, name.
C. Label, URI, post arguments.
D. URI, search string, time range picker.
Answer: B
QUESTION NO: 70
Which of the following commands will show the maximum bytes?
A. sourcetype=access_* | maximum totals by bytes
B. sourcetype=access_* | avg (bytes)
C. sourcetype=access_* | stats max(bytes)
D. sourcetype=access_* | max(bytes)
Answer: C
QUESTION NO: 71
This function of the stats command allows you to return the sample standard deviation of a
field.
A. stdev
B. dev
C. count deviation
D. by standarddev
Answer: A
QUESTION NO: 72
Which of these is NOT a field that is automatically created with the transaction command?
A. maxcount
B. duration
C. eventcount
Answer: A
QUESTION NO: 73
In this search, __________ will appear on the y-axis. SEARCH: sourcetype=access_combined
status!=200 | chart count over host
A. status
B. host
C. count
Answer: C
QUESTION NO: 74
Which of the following statements about event types is true? (select all that apply)
A. Event types can be tagged.
B. Event types must include a time range.
C. Event types categorize events based on a search.
D. Event types can be a useful method for capturing and sharing knowledge.
Answer: B C
QUESTION NO: 75
This tab shows you the event patterns in the results of a specific search.
A. statistics
B. visualization
C. patterns
Answer: C
QUESTION NO: 76
Select this in the fields sidebar to automatically pipe your search results to the rare command.
A. events with this field
B. rare values
C. top values by time
D. top values
Answer: B
QUESTION NO: 77
This is what Splunk uses to categorize the data that is being indexed.
A. Host
B. Sourcetype
C. Index
D. Source
Answer: B
QUESTION NO: 78
The time range specified for a historical search defines the ____________.
(Annotation: questionable on answer)
A. Amount of data shown on the timeline as data streams in
B. Amount of data fetched from index matching that time range
C. Time range for the static results
Answer: B
QUESTION NO: 79
The timechart command buckets data in time intervals depending on:
A. the number of events returned
B. the selected time range
C. the type of visualization selected
Answer: B
QUESTION NO: 80
Which of the following statements describe the search below? (select all that apply)
index=main | transaction clientip host maxspan=30s maxpause=5s
A. Events in the transaction occurred within 5 seconds.
B. It groups events that share the same clientip and host.
C. The first and last events are no more than 5 seconds apart.
D. The first and last events are no more than 30 seconds apart.
Answer: B
QUESTION NO: 81
When creating a Search workflow action, which field is required?
A. Search string
B. Data model name
C. Permission setting
D. An eval statement
Answer: C
QUESTION NO: 82
Which search would limit an "alert" tag to the "host" field?
A. tag=alert
B. host::tag::alert
C. tag==alert
D. tag::host=alert
Answer: D
QUESTION NO: 83
Given the macro definition below, what should be entered into the Name and Arguments
fields to correctly configure the macro?
A. The macro name is sessiontracker and the argument are action, JESSION.
B. The macro name is sessiontracker (2) and the action JESSIONID
C. The macro name is sessiontracker and the argument are sectional ,$ JESSIONIDS.
D. The macro name is sessiontracker (2) and the argument are $action ,$JESSIONIDS.
Answer: B
QUESTION NO: 84
Use this command to use lookup fields in a search and see the lookup fields in the field
sidebar.
A. inputlookup
B. lookup
Answer: B
QUESTION NO: 85
In the Field Extractor Utility, this button will display events that do not contain extracted fields.
Select your answer.
A. Selected-Fields
B. Non-Matches
C. Non-Extractions
D. Matches
Answer: B
QUESTION NO: 86
Calculated fields can be based on which of the following?
A. Tags
B. Extracted fields
C. Output fields for a lookup
D. Fields generated from a search string
Answer: B
QUESTION NO: 87
Which of the following statements about data models and pivot are true? (select all that
apply)
A. They are both knowledge objects.
B. Data models are created out of datasets called pivots.
C. Pivot requires users to input SPL searches on data models.
D. Pivot allows the creation of data visualizations that present different aspects of a data
model.
Answer: B D
QUESTION NO: 88
During the validation step of the Field Extractor workflow:
Select your answer.
A. You can remove values that aren't a match for the field you want to define
B. You can validate where the data originated from
C. You cannot modify the field extraction
Answer: A
QUESTION NO: 89
When should you use the transaction command instead of the stats command?
A. When you need to group on multiple values.
B. When duration is irrelevant in search results.
C. When you have over 1000 events in a transaction.
D. When you need to group based on start and end constraints.
Answer: C
QUESTION NO: 90
Which of the following are valid options to speed up reports? (Select all that apply.)
A. Edit permissions
B. Edit description
C. Edit acceleration
D. Edit schedule
Answer: C
QUESTION NO: 91
Which of the following statements describe the search string below?
| datamodel Application_State All_Application_State search
A. Events will be returned from dataset named Application_state.
B. Events will be returned from the data model named Application_State.
C. Events will be returned from the data model named All_Application_state.
D. No events will be returned because the pipe should occur after the datamodel command
Answer: C
QUESTION NO: 92
Which of the following statements are true for this search? (Select all that apply.) SEARCH:
sourcetype=access* | fields action productId status
A. is looking for all events that include the search terms: fields AND action AND productId
AND status
B. uses the table command to improve performance
C. limits the fields that are extracted
D. returns a table with 3 columns
Answer: B C
QUESTION NO: 93
The fields sidebar does not show________. (Select all that apply.)
A. interesting fields
B. selected fields
C. all extracted fields
Answer: C
QUESTION NO: 94
This clause is used to group the output of a stats command by a specific name.
A. Rex
B. As
C. List
D. By
Answer: A
QUESTION NO: 95
Which of the following are valid options with the chart command?
A. useother
B. usenull
C. fillfield
D. usefiled
Answer: A B
QUESTION NO: 96
Which of the following about reports is/are true?
A. Reports are knowledge objects.
B. Reports can be scheduled.
C. Reports can run a script.
D. All of the above.
Answer: D
QUESTION NO: 97
Which of the following statements is true, especially in large environments?
A. Use the stats command when you need to group events by two or more fields.
B. The stats command is faster and more efficient than the transaction command.
C. The transaction command is faster and more efficient than the stats command.
D. Use the transaction command when you want to see the results of a calculation.
Answer: C
QUESTION NO: 98
Which of the following statements describes the command below (select all that apply)
sourcetype=access_combined | transaction JSESSIONID
A. An additional field named maxspan is created.
B. An additional field named duration is created.
C. An additional field named eventcount is created.
D. Events with the same JSESSIONID will be grouped together into a single event.
Answer: B C
QUESTION NO: 99
A field alias has been created based on an original field. A search without any transforming
commands is then executed in Smart Mode. Which field name appears in the results?
A. Both will appear in the All Fields list, but only if the alias is specified in the search.
B. Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent
of events.
C. The original field only appears in All Fields list and the alias only appears in the Interesting
Fields list.
D. The alias only appears in the All Fields list and the original field only appears in the
Interesting Fields list.
Answer: B
QUESTION NO: 100
Data model fields can be added using the Auto-Extracted method. Which of the following
statements describe Auto-Extracted fields? (select all that apply)
A. Auto-Extracted fields can be given a friendly name for use in Pivot.
B. Auto-Extracted fields can be hidden in Pivot.
C. Auto-Extracted fields can be added if they already exist in the dataset with constraints.
D. Auto-Extracted fields can have their data type changed.
Answer: D
QUESTION NO: 101
For choropleth maps, Splunk ships with the following KMZ files (select all that apply)
A. States of the United States
B. States and provinces of the United States and Canada
C. Countries of the European Union
D. Countries of the World
Answer: A D
QUESTION NO: 102
The stats command will create a _____________ by default.
A. Table
B. Report
C. Pie chart
Answer: A
QUESTION NO: 103
Splunk alerts can be based on searches that run ______. (Select all that apply.)
A. in real-time
B. on a regular schedule
C. and have no matching events
Answer: A B
QUESTION NO: 104
When using a split series on a chart, the series MUST be displayed using the STACKED
option.
A. True
B. False
Answer: B
QUESTION NO: 105
These users can create global knowledge objects. (Select all that apply.)
A. users
B. power users
C. administrators
Answer: B C
QUESTION NO: 106
What is the correct syntax to search for a tag associated with a value on a specific field?
A. Tag-<field?
B. Tag<field(tagname.)
C. Tag=<field>::<tagname>
D. Tag::<field>=<tagname>
Answer: D
QUESTION NO: 107
The transaction command allows you to __________ events across multiple sources
A. duplicate
B. correlate
C. persist
D. tag
Answer: B
QUESTION NO: 108
Which of the following searches show a valid use of a macro? (Select all that apply.)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A C
QUESTION NO: 109
Use the dedup command to _____.
A. Rename a field in the index
B. remove duplicate values
C. provide an additional alias for the field that can be used in the search criteria
Answer: B
QUESTION NO: 110
Highlighted search terms indicate _________ search results in Splunk.
A. Display as selected fields.
B. Sorted
C. Charted based on time
D. Matching
Answer: D
QUESTION NO: 111
Which of the following statements describe the Common Information Model (CIM)? (select all
that apply)
A. CIM is a methodology for normalizing data.
B. CIM can correlate data from different sources.
C. The Knowledge Manager uses the CIM to create knowledge objects.
D. CIM is an app that can coexist with other apps on a single Splunk deployment.
Answer: A C
QUESTION NO: 112
The Splunk CIM Add-on includes data models in a __________ format.
Select your answer.
A. MySQL
B. XML
C. JSON
Answer: C
QUESTION NO: 113
What is required for a macro to accept three arguments?
A. The macro's name ends with (3).
B. The macro's name starts with (3).
C. The macro's argument count setting is 3 or more.
D. Nothing, all macros can accept any number of arguments.
Answer: A
QUESTION NO: 114
What is the correct way to name a macro with two arguments?
A. us_sales2
B. us_sales(1,2)
C. us_sale,2
D. us_sales(2)
Answer: D
QUESTION NO: 115
Which of the following searches will return events containing a tag named Privileged?
A. Tag= Priv
B. Tag= Priv*
C. Tag= Priv*
D. Tag= Privileged
Answer: D
QUESTION NO: 116
Which of the following are valid options with the chart command ?(select all that apply)
A. usenull=f
B. useother=f
C. split=t
D. transcation=t
Answer: A D
QUESTION NO: 117
When performing a regular expression (regex) field extraction using the Field Extractor (FX),
what happens when the require option is used?
A. The regex can no longer be edited.
B. The field being extracted will be required for all future events.
C. The events without the required field will not display in searches.
D. Only events with the required string will be included in the extraction.
Answer: D
QUESTION NO: 118
When using the Field Extractor (FX), which of the following delimiters will work? (select all
that apply)
A. Tabs
B. Pipes
C. Colons
D. Spaces
Answer: A B D
QUESTION NO: 119
When using a field value variable with a Workflow Action, which punctuation mark will escape
the data?
A. *
B. !
C. ^
D. #
Answer: B
QUESTION NO: 120
How many ways are there to access the Field Extractor Utility?
A. 3
B. 4
C. 1
D. 5
Answer: A
QUESTION NO: 121
Which of the following workflow actions can be executed from search results? (select all that
apply)
A. GET
B. POST
C. LOOKUP
D. Search
Answer: A B D
QUESTION NO: 122
Which are valid ways to create an event type? (select all that apply)
A. By using the searchtypes command in the search bar.
B. By editing the event_type stanza in the props.conf file.
C. By going to the Settings menu and clicking Event Types > New.
D. By selecting an event in search results and clicking Event Actions > Build Event Type.
Answer: C D
QUESTION NO: 123
To identify all of the contributing events within a transaction that contains at least one
REJECT event, which syntax is correct?
A. Index=main | REJECT trans sessionid
B. Index=main | transaction sessionid | search REJECT
C. Index=main | transaction sessionid | whose transaction=reject
D. Index=main | transaction sessionid | where transaction=reject
Answer: C
QUESTION NO: 124
After manually editing a regular expression (regex), which of the following statements is
true?
A. Changes made manually can be reverted in the Field Extractor (FX) UI.
B. It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.
C. It is not possible to manually edit a regular expression (regex) that was created using the
Field Extractor (FX) UI.
D. The Field Extractor (FX) UI keeps its own version of the field extraction in addition to the
one that was manually edited.
Answer: D
QUESTION NO: 125
When a search returns __________, you can view the results as a list.
A. a list of events
B. transactions
C. statistical values
Answer: C
QUESTION NO: 126
What does the Splunk Common Information Model (CIM) add-on include? (select all that
apply)
A. Custom visualizations
B. Pre-configured data models
C. Fields and event category tags
D. Automatic data model acceleration
Answer: A C
QUESTION NO: 127
Data model fields can be added using the Auto-Extracted method. Which of the following
statements describe Auto-Extracted fields? (select all that apply)
A. Auto-Extracted fields can be hidden in Pivot.
B. Auto-Extracted fields can have their data type changed.
C. Auto-Extracted fields can be given a friendly name for use in Pivot.
D. Auto-Extracted fields can be added if they already exist in the dataset with constraints.
Answer: B
QUESTION NO: 128
The Field Extractor (FX) is used to extract a custom field. A report can be created using this
custom field. The created report can then be shared with other people in the organization. If
another person in the organization runs the shared report and no results are returned, why
might this be? (select all that apply)
A. Fast mode is enabled.
B. The dashboard is private.
C. The extraction is private.
D. The person in the organization running the report does not have access to the index.
Answer: C D
QUESTION NO: 129
Which of the following data models are included in the Splunk Common Information Model
(CIM) add-on? (select all that apply)
A. Alerts
B. Email
C. Database
D. User permissions
Answer: A B C
QUESTION NO: 130
Which of the following search modes automatically returns all extracted fields in the fields
sidebar?
A. Fast
B. Smart
C. Verbose
Answer: C
QUESTION NO: 131
The gauge command:
A. creates a single-value visualization
B. allows you to set colored ranges for a single-value visualization
C. creates a radial gauge visualization
Answer: B
QUESTION NO: 132
Which of the following statements describes POST workflow actions?
A. POST workflow actions are always encrypted.
B. POST workflow actions cannot use field values in their URI.
C. POST workflow actions cannot be created on custom sourcetypes.
D. POST workflow actions can open a web page in either the same window or a new window.
Answer: D