Your result: Splunk

Question 1
Which of the following Splunk components typically resides on the machines where data originates?
Indexer
Forwarder
Search head
Deployment server
Question 2
Which of the following searches would return events with failure in index netfw or warn or critical in index netops?
(index=netfw failure) OR index=netops OR (warn OR critical)
(index=netfw failure) AND (index=netops (warn OR critical))
(index=netfw failure) AND index=netops warn OR critical
(index=netfw failure) OR (index=netops (warn OR critical))
Question 3
Select the answer that shows the correct placement of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price
index=security sourcetype=access_* status=200 | stats count by price
index=security sourcetype=access_* | status=200 | stats count by price
index=security sourcetype=access_* status=200 stats | count by price
index=security sourcetype=access_* status=200 | stats count | by price
Question 4
Which of the following represents the Splunk recommended naming convention for dashboards?
Group_Object_Description
Object_Group_Description
Group_Description_Object
Description_Group_Object
Question 5
How can search results be kept longer than 7 days?
By scheduling a report.
By changing the time range picker to more than 7 days.
By creating a link to the job.
By changing the job settings.
Question 6
Which of the following is a Splunk search best practice?
Never specify more than one index.
Use wildcards to return more search results.
Filter as early as possible.
Include as few search terms as possible.
Question 7
When displaying results of a search, which of the following is true about line charts?
Line charts are optimal for single series when using Fast mode.
Line charts are optimal for single and multiple series.
Line charts are optimal for multiple series with 3 or more columns.
Line charts are optimal for multiseries searches with at least 2 or more columns.
Question 8
How are events displayed after a search is executed?
Randomly by default.
In chronological order
Alphabetically according to field name.
In reverse chronological order.
Question 9
Which of the following is true about user account settings and preferences?
Full names can only be changed by accounts with a Power User or Admin role.
Search & Reporting is the only app that can be set as the default application.
Time zones are automatically updated based on the setting of the computer accessing Splunk.
Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.
Question 10
After running a search, what effect does clicking and dragging across the timeline have?
Executes a new search.
Expands the time range of the search.
Filters current search results.
Moves to past or future events.
Question 11
What must be done in order to use a lookup table in Splunk?
The lookup must be configured to run automatically.
The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.
The lookup file must be uploaded to Splunk and a lookup definition must be created.
The contents of the lookup file must be copied and pasted into the search bar.
Question 12
When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
|
,
!
$
Question 13
Which of the following statements about case sensitivity is true?
Field names ARE case sensitive; field values are NOT.
Both field names and field values ARE case sensitive.
Both field names and field values ARE NOT case sensitive.
Field values ARE case sensitive; field names ARE NOT.
Question 14
What does the rare command do?
Returns the least common field values of a given field in the results.
Returns the most common field values of a given field in the results.
Returns the top 10 field values of a given field in the results.
Returns the lowest 10 field values of a given field in the results.
Question 15
What does the values function of the stats command do?
Lists all values of a given field.
Lists unique values of a given field.
Returns the number of events that match the search.
Returns a count of unique values for a given field.
Question 16
How do you add or remove fields from search results?
Use table + to add and table - to remove.
Use fields Plus to add and fields Minus to remove.
Use fields + to add and fields - to remove.
Use field + to add and field - to remove.
Question 17
What is the main requirement for creating visualizations using the Splunk UI?
Your search must transform event data into JSON formatted data first.
Your search must transform event data into XML formatted data first.
Your search must transform event data into Excel file format first.
Your search must transform event data into statistical data tables first.
Question 18
What syntax is used to link key/value pairs in search strings?
action+purchase
action | purchase
action equal purchase
action=purchase
Question 19
What user interface component allows for time selection?
Time summary
Time range picker
Data source time statistics
Search time picker
Question 20
How does Splunk determine which fields to extract from data?
Splunk automatically extracts any fields that generate interesting visualizations.
Splunk only extracts the most interesting data from the last 24 hours.
Splunk only extracts fields users have manually specified in their data.
Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.
Question 21
What syntax is used to link key/value pairs in search strings?
@ or # symbols
Quotation marks
Parentheses
Relational operators such as =, <, or >
Question 22
Which search string returns a field containing the number of matching events and names that field Event Count?
index=security failure | stats count as "Event Count"
index=security failure | stats sum as "Event Count"
index=security failure | stats dc(count) as "Event Count"
index=security failure | stats count by "Event Count"
Question 23
Which of the following index searches would provide the most efficient search performance?
(index=web OR index=sales)
index=web OR index=s*
index=*
*index=sales AND index=web*
Question 24
What is a suggested Splunk best practice for naming reports?
Reports are best named using many numbers so they can be more easily sorted.
Any naming convention is fine as long as you keep an external spreadsheet to keep track.
Use a consistent naming convention so they are easily separated by characteristics such as group and object.
Name reports as uniquely as possible with no overlap to differentiate them from one another.
Question 25
Which of the following are functions of the stats command?
count, sum, add
count, sum, less
sum, values, table
sum, avg, values
Question 26
At index time, in which field does Splunk store the timestamp value?
EventTime
_time
time
timestamp
Question 27
When looking at a dashboard panel that is based on a report, which of the following is true?
You can modify the search string in the panel, and you can change and configure the visualization.
You cannot modify the search string in the panel, but you can change and configure the visualization.
You can modify the search string in the panel, but you cannot change and configure the visualization.
You cannot modify the search string in the panel, and you cannot change and configure the visualization.
Question 28
What is a primary function of a scheduled report?
Regularly scheduled archiving to keep disk space use low.
Auto-detect changes in performance.
Triggering an alert in your Splunk instance when certain conditions are met.
Auto-generated PDF reports of overall data trends.
Question 29
Which command is used to review the contents of a specified static lookup file?
lookup
outputlookup
inputlookup
csvlookup
Question 30
Which stats command function provides a count of how many unique values exist for a given field in the result set?
count(field)
dc(field)
distinct-count(field)
count-by(field)
Question 31
A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?
A role
An app
JSON
An enhanced solution
Question 32
Which statement is true about Splunk alerts?
Alerts are based on searches and require cron to run on scheduled interval.
Alerts are based on searches that are run exclusively as real-time.
Alerts are based on searches that are either run on a scheduled interval or in real-time.
Alerts are based on searches and when triggered will only send an email notification.
Question 33
What is the purpose of using a by clause with the stats command?
To partition the input data based on the split-by fields.
To specify how the values in a list are delimited.
To group the results by one or more fields.
To compute numerical statistics on each field.
Question 34
In the fields sidebar, which character denotes alphanumeric field values?
a
%
a#
#
Question 35
Which of the following searches will return results where fail, 400, and error exist in every event?
error OR fail OR 400
error OR (fail and 400)
error AND (fail OR 400)
error AND (fail AND 400)
Question 36
When placed early in a search, which command is most effective at reducing search execution time?
rename
dedup
sort -
fields +
Question 37
Which of the following is the most efficient filter for running searches in Splunk?
Time
Fast mode
Sourcetype
Selected Fields
Question 38
Which of the following is a best practice when writing a search string?
Include the search terms at the beginning of the search string.
Include all formatting commands before any search terms.
Avoid using formatting clauses, as they add too much overhead.
Include at least one function as this is a search requirement.
Question 39
What type of search can be saved as a report?
Only searches that generate statistics or visualizations.
Any search can be saved as a report.
Only searches that generate visualizations.
Only searches containing a transforming command.
Question 40
What can be included in the All Fields option in the sidebar?
Dashboards
Field descriptions
Metadata only
Non-interesting fields
Question 41
When viewing the results of a search, what is an Interesting Field?
A field that appears in every event.
A field that appears in any event.
A field that appears in at least 20% of the events.
A field that appears in the top 10 events.
Question 42
When a Splunk search generates calculated data that appears in the Statistics tab, in what formats can the results be exported?
CSV, XML, JSON
Raw Events, XML, JSON
CSV, JSON, PDF
Raw Events, CSV, XML, JSON
Question 43
Which search matches the events containing the terms "error" and "fail"?
index=security error OR fail
index=security Error Fail
index=security “error failure”
index=security NOT error NOT fail
Question 44
Which of the following fields is stored with the events in the index?
sourceIp
source
user
location
Question 45
Which of the following is the recommended way to create multiple dashboards displaying data from the same search?
Save the search as a dashboard panel for each dashboard that needs the data.
Export the results of the search to an XML file and use the file as the basis of the dashboards.
Save the search as a scheduled alert and use it in multiple dashboards as needed.
Save the search as a report and use it in multiple dashboards as needed.
Question 46
What does the following specified time range do? earliest=-72h@h latest=@d
Look back from 3 days ago, up to the beginning of today
Look back 3 days ago and prior.
Look back 72 hours, up to one day ago.
Look back 72 hours, up to the end of today
Question 47
Which events will be returned by the following search string? host=www3 status=503
All events that either have a host of www3 or a status of 503.
We need more information; we cannot tell without knowing the time range.
We need more information; a search cannot be run without specifying an index.
All events with a host of www3 that also have a status of 503.
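Worked example for Questions 2, 13, 35, 43 and 47 (added here; it is not part of the original quiz and not Splunk's own code): a small Python emulation of how SPL combines search terms. It models the implicit AND between adjacent terms, AND binding tighter than OR, NOT, parentheses, field=value matching with case-sensitive field names and case-insensitive values, quoted phrases, and the * wildcard. The sample events are constructed for the example, and Splunk's real tokenizer (major/minor breakers, CASE(), TERM()) is more involved than this simplified model.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample events (not from the original page): "_raw" is the text that
# bare keywords search; the other keys are extracted fields.
EVENTS = [
    {"id": 1, "index": "netfw", "host": "fw1", "_raw": "fw1 deny tcp 10.0.0.5 -> 10.0.1.9:445 handshake failure"},
    {"id": 2, "index": "netops", "host": "sw2", "_raw": "sw2 interface Gi0/3 WARN utilization 91%"},
    {"id": 3, "index": "netops", "host": "sw2", "_raw": "sw2 interface Gi0/7 CRITICAL link down"},
    {"id": 4, "index": "netfw", "host": "fw1", "_raw": "fw1 permit tcp 10.0.0.8 -> 10.0.1.2:443 established"},
    {"id": 5, "index": "netops", "host": "sw3", "_raw": "sw3 ntp sync failure, clock drift 12s"},
    {"id": 6, "index": "security", "host": "www3", "status": "503", "_raw": "www3 GET /login status=503 error: backend fail 400"},
    {"id": 7, "index": "security", "host": "www3", "status": "200", "_raw": "www3 GET / status=200 ok"},
    {"id": 8, "index": "security", "host": "www1", "status": "500", "_raw": "www1 POST /api status=500 error: timeout"},
]

_TOKEN_RE = re.compile(r'\(|\)|"[^"]*"|[^\s()]+')


class _Parser:
    """Recursive descent over: keywords, field=value, "phrases", parentheses, NOT,
    AND (explicit, or implicit between adjacent terms) and OR. AND binds tighter
    than OR, so `a b OR c` is `(a AND b) OR c`, exactly the trap in Question 2."""

    def __init__(self, query):
        self.toks, self.i = _TOKEN_RE.findall(query), 0

    def _peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def _take(self):
        self.i += 1
        return self.toks[self.i - 1] if self.i <= len(self.toks) else None

    def parse(self):
        node = self._or()
        if self._peek() is not None:
            raise ValueError(f"unexpected token {self._peek()!r}")
        return node

    def _or(self):
        left = self._and()
        while self._peek() == "OR":
            self._take()
            left = ("OR", left, self._and())
        return left

    def _and(self):
        left = self._unary()
        while self._peek() not in (None, ")", "OR"):
            if self._peek() == "AND":
                self._take()
            left = ("AND", left, self._unary())
        return left

    def _unary(self):
        tok = self._take()
        if tok is None or tok == ")":
            raise ValueError("malformed query")
        if tok == "NOT":
            return ("NOT", self._unary())
        if tok == "(":
            node = self._or()
            if self._take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        if tok.startswith('"'):
            return ("PHRASE", tok.strip('"'))
        if "=" in tok:
            return ("FIELD", *tok.split("=", 1))
        return ("KEYWORD", tok)


def _keyword_in_raw(keyword, raw):
    # A keyword matches a whole token of _raw, case-insensitively; * is a wildcard.
    pattern = re.escape(keyword.lower()).replace(r"\*", r"[^\s]*")
    return re.search(r"(?<![A-Za-z0-9_])" + pattern + r"(?![A-Za-z0-9_])", raw.lower()) is not None


def _matches(node, event):
    op = node[0]
    if op == "AND":
        return _matches(node[1], event) and _matches(node[2], event)
    if op == "OR":
        return _matches(node[1], event) or _matches(node[2], event)
    if op == "NOT":
        return not _matches(node[1], event)
    if op == "FIELD":  # field names are case-sensitive (dict key); values are not
        return node[1] in event and fnmatchcase(str(event[node[1]]).lower(), node[2].lower())
    if op == "PHRASE":
        return node[1].lower() in event.get("_raw", "").lower()
    return _keyword_in_raw(node[1], event.get("_raw", ""))


def search(query, events):
    """Return the ids of the events the query matches, in event order."""
    tree = _Parser(query).parse()
    return [ev["id"] for ev in events if _matches(tree, ev)]
```

Running search() over the constructed events shows the difference between the Question 2 options: `(index=netfw failure) OR index=netops OR (warn OR critical)` also returns the netops event that merely contains "failure" (id 5), while `(index=netfw failure) OR (index=netops (warn OR critical))` returns only ids 1, 2 and 3. `Host=www3 status=503` matches nothing because the field name is case-sensitive, whereas `host=WWW3 status=503` still matches id 6.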
Question 48
What does the stats command do?
Automatically correlates related fields.
Converts field values into numerical values.
Calculates statistics on data that matches the search criteria.
Analyzes numerical fields for their ability to predict another discrete field.
Question 49
Which is the primary function of the timeline located under the search bar?
To zoom in and zoom out, although this does not change the scale of the chart.
To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.
To differentiate between structured and unstructured events in the data.
To sort the events returned by the search command in chronological order.
Question 50
What can be configured using the Edit Job Settings menu?
Schedule the Job to re-run in 10 minutes.
Change Job Lifetime from 10 minutes to 7 days.
Export the result to CSV format.
Add the Job results to a dashboard.
Question 51
Which command is used to validate a lookup file?
| inputlookup products.csv
| lookup products.csv
inputlookup products.csv
| lookup_definition products.csv
Question 52
How can another user gain access to a saved report?
Anyone can access any reports marked as public within a shared Splunk deployment.
The owner of the report can edit permissions from the Edit dropdown.
Only users with an Admin or Power User role can access other users’ reports.
The owner of the report must clone the original report and save it to their user account.
Question 53
What is the primary use for the rare command?
To find the least common values of a field in a dataset.
To return only fields containing five or fewer values.
To find the fields with the fewest number of values across a dataset.
To sort field values in descending order.
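Worked example for Questions 14, 15, 22, 30, 33, 48 and 53 (added here; not part of the original quiz and not Splunk code): Python functions that reproduce what the stats, top and rare commands compute over a constructed set of events, covering count with and without a field argument, sum, avg, dc, values, list, the by clause, and the count and percent columns that top and rare add. The event data is made up for the example.

```python
from collections import defaultdict

# Constructed sample events (not from the original page); the www3 404 event has no
# "bytes" field, to show how the functions treat a missing field.
EVENTS = [
    {"host": "www1", "status": "200", "user": "alice", "bytes": 512},
    {"host": "www1", "status": "503", "user": "bob", "bytes": 128},
    {"host": "www2", "status": "200", "user": "alice", "bytes": 2048},
    {"host": "www2", "status": "200", "user": "carol", "bytes": 1024},
    {"host": "www3", "status": "404", "user": "bob"},
    {"host": "www3", "status": "503", "user": "alice", "bytes": 64},
]


def _column(events, field):
    """Values of `field` from the events that carry it; like Splunk, an aggregation
    over a field silently skips events where that field is missing."""
    return [ev[field] for ev in events if field in ev]


def _apply(func, field, group):
    if func == "count":  # bare count counts events; count(field) counts events that have the field
        return len(group) if field is None else len(_column(group, field))
    col = _column(group, field)
    if func == "sum":
        return float(sum(float(v) for v in col))
    if func == "avg":
        return sum(float(v) for v in col) / len(col) if col else None
    if func == "dc":  # distinct count
        return len(set(col))
    if func == "values":  # unique values, lexicographically sorted
        return sorted(set(str(v) for v in col))
    if func == "list":  # every value, in event order, duplicates kept
        return [str(v) for v in col]
    raise ValueError(f"unsupported stats function: {func}")


def stats(events, funcs, by=()):
    """funcs: (function, field_or_None, alias) triples, i.e. the
    `count as "Event Count"`, `dc(user) as users` ... part of a stats command.
    by: split-by fields; as in Splunk, events lacking any of them are dropped."""
    groups = defaultdict(list)
    for ev in events:
        if all(f in ev for f in by):
            groups[tuple(str(ev[f]) for f in by)].append(ev)
    rows = []
    for key in sorted(groups):
        row = dict(zip(by, key))
        for func, field, alias in funcs:
            row[alias] = _apply(func, field, groups[key])
        rows.append(row)
    return rows


def top_values(events, field, limit=10, rare=False):
    """top (rare=False) / rare (rare=True): count each value of a field and list the
    most (least) common first, with the count and percent columns the commands add."""
    counts = defaultdict(int)
    for v in _column(events, field):
        counts[str(v)] += 1
    if not counts:
        return []
    total = sum(counts.values())
    ordered = sorted(counts.items(), key=lambda kv: (kv[1] if rare else -kv[1], kv[0]))
    return [{field: v, "count": c, "percent": round(100.0 * c / total, 2)} for v, c in ordered[:limit]]


if __name__ == "__main__":
    print(stats(EVENTS, [("count", None, "Event Count")]))
    print(stats(EVENTS, [("count", None, "count"), ("dc", "user", "users"),
                         ("sum", "bytes", "total_bytes"), ("values", "status", "statuses")], by=("host",)))
    print(top_values(EVENTS, "status", rare=True))
```

The first call is the `stats count as "Event Count"` form from Question 22; the second is `stats count, dc(user) as users, sum(bytes) as total_bytes, values(status) as statuses by host`, which shows the by clause producing one row per host; the third is `rare status`, which lists 404 (one event) first.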
Question 54
What happens when a field is added to the Selected Fields list in the fields sidebar?
Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.
The selected field and its corresponding values will appear underneath the events in the search results.
Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.
Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
Question 55
Three basic components of Splunk are (Choose three.):
Deployment Server
Forwarders
Indexer
Search Head
Index
Knowledge Objects
Question 56
What is Splunk?
A cloud-based application that helps in analyzing logs.
Security Information and Event Management (SIEM).
Database management tool.
Splunk is a software platform to search, analyze and visualize machine-generated data.
Question 57
Splunk Enterprise is used as a scalable service in Splunk Cloud.
False
True
Question 58
Which component of Splunk lets us write SPL queries to find the required data?
Forwarders
Search head
Indexer
Heavy Forwarders
Question 59
All components are installed and administered in Splunk Enterprise on-premise.
True
False
Question 60
Which is the default app for Splunk Enterprise?
Searching and Reporting
Reporting and Searching
Splunk apps for Security
Splunk Enterprise Security Suite
Question 61
The portal for Splunk apps can be accessed through www.splunkbase.com.
False
True
Question 62
Splunk shows data in __________________.
Alphanumeric order.
Chronological order.
ASCII Character order.
Reverse chronological order.
Question 63
What result will you get with the following search: index=test sourcetype="The_Questionnaire_P*" ?
the_questionnaire_pedia
the_questionnaire pedia
the_questionnaire Pedia
the_questionnaire _pedia
Question 64
The Forward option gathers and forwards data to indexers over a receiving port from remote machines.
True
False
Question 65
You can onboard data to Splunk using the following means (Choose four.):
CLI
inputs.conf
Splunk apps and add-ons
Props
Splunk Web
indexes.conf
savedsearches.conf
Question 66
Opening and reading data sources applies to:
Indexing Phase
None of the above
License Metering
Parsing Phase
Input Phase
Question 67
Select the options that apply to index-time processing (Choose three.).
Searching
Parsing
Settings
Indexing
Input
Question 68
Parsing of data can happen in both a heavy forwarder (HF) and a universal forwarder (UF).
Yes
No
Question 69
The Upload option creates inputs.conf.
No
Yes
Question 70
The Splunk index-time process can be broken down into __________ phases.
1
2
4
3
Question 71
In the Monitor option you can select the following options in the GUI:
Only HTTP Event Collector (HEC) and TCP/UDP
None of the above
Only Scripts
Only TCP/UDP
Files & Directories, HTTP Event Collector (HEC), TCP/UDP and Scripts
Question 72
Which of the following apply to a heavy forwarder (HF)? (Choose three.)
Parsing
Masking
Searching
Forwarding
Question 73
Where does license metering happen?
Input
Indexer
Heavy Forwarder
Parsing
Question 74
Matching search terms are highlighted.
No
Yes
Question 75
The default host name used in the Inputs general settings cannot be changed.
True
False
Question 76
You are able to create a new index in the Data Input settings.
No
Yes
Question 77
Splunk Parses data into individual events, extracts time, and assigns metadata.
True
False
Question 78
Which symbol is used to snap the time?
@
#
*
&
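Worked example for Questions 46 and 78 (added here; not from the original quiz and not Splunk code): a Python resolver for relative time modifiers that applies the offset and the @ snap left to right, as in earliest=-72h@h latest=@d. The reference time NOW is constructed for the example; only the short unit names (s, m, h, d, w, mon, y) are handled, so this is a simplification of what Splunk's time range picker accepts.

```python
import calendar
import re
from datetime import datetime, timedelta

# Constructed reference "now" (not from the original page): Friday 2024-03-15 13:47:22.
NOW = datetime(2024, 3, 15, 13, 47, 22)

_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# An offset (+/-N unit) or a snap (@unit); "mon" is listed before "m" so it wins.
_TOKEN = re.compile(r"([+-]?\d+)(mon|s|m|h|d|w|y)|@(mon|w[0-6]?|s|m|h|d|y)")


def _shift_months(dt, n):
    month0 = dt.month - 1 + n
    year, month = dt.year + month0 // 12, month0 % 12 + 1
    day = min(dt.day, calendar.monthrange(year, month)[1])  # clamp, e.g. 31 Jan -> 29 Feb
    return dt.replace(year=year, month=month, day=day)


def _snap(dt, unit):
    """Round *down* to the start of the unit; a snap never moves forward."""
    if unit == "s":
        return dt.replace(microsecond=0)
    if unit == "m":
        return dt.replace(second=0, microsecond=0)
    if unit == "h":
        return dt.replace(minute=0, second=0, microsecond=0)
    day_start = dt.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "d":
        return day_start
    if unit == "mon":
        return day_start.replace(day=1)
    if unit == "y":
        return day_start.replace(month=1, day=1)
    # @w / @w0 snap to Sunday, @w1 to Monday ... @w6 to Saturday (Splunk numbering).
    target = int(unit[1:]) if len(unit) > 1 else 0
    splunk_dow = (dt.weekday() + 1) % 7  # Python Monday=0..Sunday=6 -> Sunday=0..Saturday=6
    return day_start - timedelta(days=(splunk_dow - target) % 7)


def resolve_time_modifier(modifier, now=NOW):
    """Apply a modifier such as -72h@h, @d, -1mon@mon or @d+3h to `now`, token by
    token from left to right. Only the short unit names are supported here."""
    if modifier == "now":
        return now
    dt, pos = now, 0
    for m in _TOKEN.finditer(modifier):
        if m.start() != pos:
            raise ValueError(f"bad time modifier: {modifier!r}")
        pos = m.end()
        if m.group(3):
            dt = _snap(dt, m.group(3))
        else:
            n, unit = int(m.group(1)), m.group(2)
            if unit == "mon":
                dt = _shift_months(dt, n)
            elif unit == "y":
                dt = _shift_months(dt, 12 * n)
            else:
                dt += timedelta(seconds=n * _SECONDS[unit])
    if pos != len(modifier):
        raise ValueError(f"bad time modifier: {modifier!r}")
    return dt


def time_window(earliest, latest, now=NOW):
    """Resolve an earliest/latest pair and reject an empty or inverted window."""
    start, end = resolve_time_modifier(earliest, now), resolve_time_modifier(latest, now)
    if start >= end:
        raise ValueError("earliest must be before latest")
    return start, end


if __name__ == "__main__":
    start, end = time_window("-72h@h", "@d")
    print(f"earliest=-72h@h latest=@d -> {start} .. {end}")
```

With NOW on a Friday at 13:47:22, `-72h@h` first steps back 72 hours to Tuesday 13:47:22 and then snaps to the start of that hour, 13:00:00, while `@d` snaps to today's midnight, so the window runs from three days ago up to the beginning of today. `@w` lands on the preceding Sunday and `-1mon@mon` on the first day of last month, both at 00:00:00.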
Question 79
There are three different search modes in Splunk (Choose three.):
Smart
Verbose
Automatic
Fast
Question 80
Keywords are highlighted when you mouse over search results, and you can click a highlighted keyword to (Choose three.):
None of the above.
Open new search.
Add the item to search.
Exclude the item from search.
Question 81
You can view the search results in the following formats (Choose three.):
Pie Chart
Raw
List
Table
Question 82
The Data Summary button just below the search bar shows you the following (Choose three.):
Sources
Hosts
Indexes
Sourcetypes
Question 83
What options do you get after selecting timeline? (Choose four.)
Format Timeline
Zoom Out
Delete
Deselect
Zoom to selection
Question 84
Which time range picker configuration would return real-time events for the past 30 seconds?
Preset - Relative: 30-seconds ago
Advanced - Earliest: 30-seconds ago, Latest: Now
Real-time - Earliest: 30-seconds ago, Latest: Now
Relative - Earliest: 30-seconds ago, Latest: Now