Package deal
Splunk Tests Bundle Set
Splunk Tests Bundle Set
[Show more]Splunk Tests Bundle Set
[Show more]Start your Preparation for Splunk SPLK-3001 and become Splunk Enterprise Security Certified Admin certified with CertF. Here you get online practice tests prepared and approved by Splunk certified experts based on their own certification exam experience. Here, you also get the detailed and regularly...
Preview 1 out of 4 pages
Add to cartStart your Preparation for Splunk SPLK-3001 and become Splunk Enterprise Security Certified Admin certified with CertF. Here you get online practice tests prepared and approved by Splunk certified experts based on their own certification exam experience. Here, you also get the detailed and regularly...
A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and the...
Preview 4 out of 31 pages
Add to cartA customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and the...
Splunk SPLK-3001 Exam-2 questions with correct answers
Preview 2 out of 13 pages
Add to cartSplunk SPLK-3001 Exam-2 questions with correct answers
Which of the following threat intelligence types can ES download? (Choose all that apply.) 
· A. Text 
· B. STIX/TAXII 
· C. VulnScanSPL 
· D. SplunkEnterpriseThreatGenerator CORRECT ANSWER Text and STIX/TAXII 
 
When investigating, what is the best way to store a newly-found IOC? 
 
A. Paste it...
Preview 4 out of 33 pages
Add to cartWhich of the following threat intelligence types can ES download? (Choose all that apply.) 
· A. Text 
· B. STIX/TAXII 
· C. VulnScanSPL 
· D. SplunkEnterpriseThreatGenerator CORRECT ANSWER Text and STIX/TAXII 
 
When investigating, what is the best way to store a newly-found IOC? 
 
A. Paste it...
with correct answers 
The Add-On Builder creates Splunk Apps that start with what? 
A. DA- 
B. SA- 
C. TA- 
D. App- CORRECT ANSWER C. TA- 
 
Which of the following are examples of sources for events in the endpoint security domain dashboards? 
A. REST API invocations. 
B. Investigation final results...
Preview 3 out of 25 pages
Add to cartwith correct answers 
The Add-On Builder creates Splunk Apps that start with what? 
A. DA- 
B. SA- 
C. TA- 
D. App- CORRECT ANSWER C. TA- 
 
Which of the following are examples of sources for events in the endpoint security domain dashboards? 
A. REST API invocations. 
B. Investigation final results...
Indexes CORRECT ANSWER notable = notable events created by correlation searches 
 
gia_summary = for Sec Intel > User Intel > Access Anomalies dashboard, filled by "Access - Geographically Improbable Access - Summary Gen" 
 
threat_activity = threat gen search matches(every 5 min) 
 
Roles C...
Preview 2 out of 7 pages
Add to cartIndexes CORRECT ANSWER notable = notable events created by correlation searches 
 
gia_summary = for Sec Intel > User Intel > Access Anomalies dashboard, filled by "Access - Geographically Improbable Access - Summary Gen" 
 
threat_activity = threat gen search matches(every 5 min) 
 
Roles C...
Splunk Enterprise Security questions with correct answers
Preview 2 out of 7 pages
Add to cartSplunk Enterprise Security questions with correct answers
Administering Splunk Enterprise Security 5.2 questions with correct answers
Preview 4 out of 35 pages
Add to cartAdministering Splunk Enterprise Security 5.2 questions with correct answers
Splunk Validated Architectures (SVA) CORRECT ANSWER S = Single 
D = Distributed 
C = Clustered Indexer Tier 
M = Multi-site cluster 
 
1 = 1SH 
2 = 2 or more SH 
3 = SH Cluster 
4 = Stretched SHC 
10+ = ES App 
 
12 = SH + ES SH 
13 = SHC + ES SHC 
 
High Availability CORRECT ANSWER IDX/SH Clusterin...
Preview 2 out of 12 pages
Add to cartSplunk Validated Architectures (SVA) CORRECT ANSWER S = Single 
D = Distributed 
C = Clustered Indexer Tier 
M = Multi-site cluster 
 
1 = 1SH 
2 = 2 or more SH 
3 = SH Cluster 
4 = Stretched SHC 
10+ = ES App 
 
12 = SH + ES SH 
13 = SHC + ES SHC 
 
High Availability CORRECT ANSWER IDX/SH Clusterin...
Which setting in allows data retention to be controlled by time? 
 
A. maxDaysToKeep 
B. moveToFrozenAfter 
C. maxDataRetentionTime 
D. frozenTimePeriodInSecs CORRECT ANSWER D. frozenTimePeriodInSecs 
 
Reference: 
 
The universal forwarder has which capabilities when sending data? (Choose all that...
Preview 4 out of 48 pages
Add to cartWhich setting in allows data retention to be controlled by time? 
 
A. maxDaysToKeep 
B. moveToFrozenAfter 
C. maxDataRetentionTime 
D. frozenTimePeriodInSecs CORRECT ANSWER D. frozenTimePeriodInSecs 
 
Reference: 
 
The universal forwarder has which capabilities when sending data? (Choose all that...
Which Splunk component receives, indexes, and stores incoming data from forwarders? 
a) Indexer 
b) Search head 
c) Cluster master 
d) Deployment server CORRECT ANSWER Indexer 
 
Which license type allows 500MB/day of indexing, but disables alerts, authentication, cluster, distributed search, summar...
Preview 4 out of 31 pages
Add to cartWhich Splunk component receives, indexes, and stores incoming data from forwarders? 
a) Indexer 
b) Search head 
c) Cluster master 
d) Deployment server CORRECT ANSWER Indexer 
 
Which license type allows 500MB/day of indexing, but disables alerts, authentication, cluster, distributed search, summar...
101 
Which of the following accurately describes HTTP Event Collector indexer acknowledgement? 
A. It requires a separate channel provided by the client. 
B. It is configured the same as indexer acknowledgement used to protect in-flight data. 
C. It can be enabled at the global setting level. 
D. It...
Preview 2 out of 14 pages
Add to cart101 
Which of the following accurately describes HTTP Event Collector indexer acknowledgement? 
A. It requires a separate channel provided by the client. 
B. It is configured the same as indexer acknowledgement used to protect in-flight data. 
C. It can be enabled at the global setting level. 
D. It...
Preview 4 out of 46 pages
Add to cartSplunk 1003 questions with correct answers
Preview 3 out of 24 pages
Add to cartSplunk 1003 questions with correct answers
Which setting in allows data retention to be controlled by time? CORRECT ANSWER frozenTimePeriodInSecs 
 
The universal forwarder has which capabilities when sending data? (2 answers) CORRECT ANSWER Compressing data 
Indexer acknowledgement 
 
In case of a conflict between a whitelist and a blackli...
Preview 4 out of 31 pages
Add to cartWhich setting in allows data retention to be controlled by time? CORRECT ANSWER frozenTimePeriodInSecs 
 
The universal forwarder has which capabilities when sending data? (2 answers) CORRECT ANSWER Compressing data 
Indexer acknowledgement 
 
In case of a conflict between a whitelist and a blackli...
command for restarting just the splunk webserver CORRECT ANSWER splunk start splunkweb 
 
command for restarting just the splunk daemon CORRECT ANSWER splunk start splunkd 
 
command to check for running splunk processes on *nix CORRECT ANSWER ps aux | grep splunk 
 
run this as root to update your ...
Preview 1 out of 4 pages
Add to cartcommand for restarting just the splunk webserver CORRECT ANSWER splunk start splunkweb 
 
command for restarting just the splunk daemon CORRECT ANSWER splunk start splunkd 
 
command to check for running splunk processes on *nix CORRECT ANSWER ps aux | grep splunk 
 
run this as root to update your ...
Within , which stanzas are valid for data modification? (select all that apply) 
 
A. Host 
B. Server 
C. Source 
D. Sourcetype CORRECT ANSWER ANSWER: ACD 
 
The universal forwarder has which capabilities when sending data? 
 
A. Sending alerts 
B. Compressing Data 
C. Obfuscating/hiding data 
D. I...
Preview 3 out of 23 pages
Add to cartWithin , which stanzas are valid for data modification? (select all that apply) 
 
A. Host 
B. Server 
C. Source 
D. Sourcetype CORRECT ANSWER ANSWER: ACD 
 
The universal forwarder has which capabilities when sending data? 
 
A. Sending alerts 
B. Compressing Data 
C. Obfuscating/hiding data 
D. I...
Which installer will you use to install the Search Head? 
 
a) Splunk Enterprise 
b) Splunk Universal Forwarder CORRECT ANSWER a) Splunk Enterprise 
 
When you install Splunk on a Windows OS, you also have to configure the boot-start. 
 
True or False CORRECT ANSWER False. You only need to do that o...
Preview 4 out of 38 pages
Add to cartWhich installer will you use to install the Search Head? 
 
a) Splunk Enterprise 
b) Splunk Universal Forwarder CORRECT ANSWER a) Splunk Enterprise 
 
When you install Splunk on a Windows OS, you also have to configure the boot-start. 
 
True or False CORRECT ANSWER False. You only need to do that o...
Splunk Data Admin questions with correct answers
Preview 2 out of 15 pages
Add to cartSplunk Data Admin questions with correct answers
When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens 
when the require option is used? 
 
A. The regex can no longer be edited. 
B. The field being extracted will be required for all future events. 
C. The events without the required field will n...
Preview 3 out of 27 pages
Add to cartWhen performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens 
when the require option is used? 
 
A. The regex can no longer be edited. 
B. The field being extracted will be required for all future events. 
C. The events without the required field will n...
which parent directory contains the configuration files in Splunk? CORRECT ANSWER $SPLUNK_HOME/etc 
 
where can scripts for scripted inputs reside on the host file system? CORRECT ANSWER $SPLUNK_HOME/bin/scripts 
$SPLUNK_HOME/etc/system/bin 
 
In which Splunk configuration is the SEDCMD used CORRECT...
Preview 3 out of 23 pages
Add to cartwhich parent directory contains the configuration files in Splunk? CORRECT ANSWER $SPLUNK_HOME/etc 
 
where can scripts for scripted inputs reside on the host file system? CORRECT ANSWER $SPLUNK_HOME/bin/scripts 
$SPLUNK_HOME/etc/system/bin 
 
In which Splunk configuration is the SEDCMD used CORRECT...
A calculated field maybe based on which of the following? 
A. Lookup tables 
B. Extracted fields 
C. Regular expressions 
D. Fields generated within a search string CORRECT ANSWER B. Extracted fields 
 
Which are valid ways to create an event type? (select all that apply) 
A. By using the searchtype...
Preview 4 out of 37 pages
Add to cartA calculated field maybe based on which of the following? 
A. Lookup tables 
B. Extracted fields 
C. Regular expressions 
D. Fields generated within a search string CORRECT ANSWER B. Extracted fields 
 
Which are valid ways to create an event type? (select all that apply) 
A. By using the searchtype...
Admin, Power, User CORRECT ANSWER Out of the box there are 3 main roles 
 
Click Data Summary in the Searching & Reporting app CORRECT ANSWER How can you view all sourcetypes? 
 
Host, Sources, and Sourcetypes on separate tabs CORRECT ANSWER What is shown in the Data Summary? 
 
The local timezone s...
Preview 2 out of 7 pages
Add to cartAdmin, Power, User CORRECT ANSWER Out of the box there are 3 main roles 
 
Click Data Summary in the Searching & Reporting app CORRECT ANSWER How can you view all sourcetypes? 
 
Host, Sources, and Sourcetypes on separate tabs CORRECT ANSWER What is shown in the Data Summary? 
 
The local timezone s...
What is the only writeable bucket type? 
hot bucket 
warm bucket 
cold bucket CORRECT ANSWER The hot bucket 
 
By what filter are indexes divided into buckets? 
by time 
by name 
by source 
by host CORRECT ANSWER By time 
 
What are the 4 types of searches in Splunk (by performance) 
dense 
sparse ...
Preview 3 out of 18 pages
Add to cartWhat is the only writeable bucket type? 
hot bucket 
warm bucket 
cold bucket CORRECT ANSWER The hot bucket 
 
By what filter are indexes divided into buckets? 
by time 
by name 
by source 
by host CORRECT ANSWER By time 
 
What are the 4 types of searches in Splunk (by performance) 
dense 
sparse ...
Which search string only returns events from hostWWW3? 
 
A. host=* 
B. host=WWW3 
C. host=WWW* 
D. Host=WWW3 CORRECT ANSWER B. host=WWW3 
 
Asking for events ONLY 
 
By default, how long does Splunk retain a search job? 
 
A. 10 Minutes 
B. 15 Minutes 
C. 1 Day 
D. 7 Days CORRECT ANSWER A. 10 minut...
Preview 4 out of 64 pages
Add to cartWhich search string only returns events from hostWWW3? 
 
A. host=* 
B. host=WWW3 
C. host=WWW* 
D. Host=WWW3 CORRECT ANSWER B. host=WWW3 
 
Asking for events ONLY 
 
By default, how long does Splunk retain a search job? 
 
A. 10 Minutes 
B. 15 Minutes 
C. 1 Day 
D. 7 Days CORRECT ANSWER A. 10 minut...
Splunk core certified user exam questions with correct answers
Preview 2 out of 13 pages
Add to cartSplunk core certified user exam questions with correct answers
1.1 Performing Statistical analysis with stats function 
 
What does the stdev command do? Used only with stats CORRECT ANSWER standard deviation (measure of the extent of deviation of the values) 
 
1.1 Performing Statistical analysis with stats function 
 
What does the var command do? Used only w...
Preview 4 out of 36 pages
Add to cart1.1 Performing Statistical analysis with stats function 
 
What does the stdev command do? Used only with stats CORRECT ANSWER standard deviation (measure of the extent of deviation of the values) 
 
1.1 Performing Statistical analysis with stats function 
 
What does the var command do? Used only w...
What must be done before an automatic lookup can be created? (Choose all that apply.) 
A. The lookup command must be used. 
B. The lookup definition must be created. 
C. The lookup file must be uploaded to Splunk. 
D. The lookup file must be verified using the inputlookup command. CORRECT ANSWER B 
...
Preview 2 out of 13 pages
Add to cartWhat must be done before an automatic lookup can be created? (Choose all that apply.) 
A. The lookup command must be used. 
B. The lookup definition must be created. 
C. The lookup file must be uploaded to Splunk. 
D. The lookup file must be verified using the inputlookup command. CORRECT ANSWER B 
...
Which Field/Value pair will return only events found in the index named security? 
 
A: Index=Security 
B: index=Security 
C: Index=security 
D: index!=Security CORRECT ANSWER index=Security 
 
Which statement describes field discovery at search time? 
 
A: Splunk automatically discovers only numeri...
Preview 4 out of 65 pages
Add to cartWhich Field/Value pair will return only events found in the index named security? 
 
A: Index=Security 
B: index=Security 
C: Index=security 
D: index!=Security CORRECT ANSWER index=Security 
 
Which statement describes field discovery at search time? 
 
A: Splunk automatically discovers only numeri...
Which of the following Splunk components typically resides on the machines where data originates? 
 
A. Indexer 
B. Forwarder 
C. Search head 
D. Deployment server CORRECT ANSWER B. Forwarder 
 
Which of the following searches would return events with failure in index netfw or warn or critical in in...
Preview 3 out of 27 pages
Add to cartWhich of the following Splunk components typically resides on the machines where data originates? 
 
A. Indexer 
B. Forwarder 
C. Search head 
D. Deployment server CORRECT ANSWER B. Forwarder 
 
Which of the following searches would return events with failure in index netfw or warn or critical in in...
Core User - Set 4 (SPLK-1001) questions with correct answers
Preview 1 out of 3 pages
Add to cartCore User - Set 4 (SPLK-1001) questions with correct answers
1. How can another user gain access to saved report? CORRECT ANSWER The owner of the report can edit permissions from the Edit dropdown. 
 
1. What happens when a field is added to selected fields list in the field sidebar? CORRECT ANSWER The selected field and its corresponding value will appear un...
Preview 3 out of 22 pages
Add to cart1. How can another user gain access to saved report? CORRECT ANSWER The owner of the report can edit permissions from the Edit dropdown. 
 
1. What happens when a field is added to selected fields list in the field sidebar? CORRECT ANSWER The selected field and its corresponding value will appear un...
How can another user gain access to a saved report? CORRECT ANSWER Anyone can access any reports marked as public within a shared splunk deployment 
 
What happens when a field is added to selected fields list is the field sidebar? CORRECT ANSWER The selected field and it's corresponding value will...
Preview 2 out of 8 pages
Add to cartHow can another user gain access to a saved report? CORRECT ANSWER Anyone can access any reports marked as public within a shared splunk deployment 
 
What happens when a field is added to selected fields list is the field sidebar? CORRECT ANSWER The selected field and it's corresponding value will...
Splunk Core User Practice Exam questions with correct answers
Preview 3 out of 28 pages
Add to cartSplunk Core User Practice Exam questions with correct answers
Splunk Core User Certification questions with correct answers
Preview 1 out of 3 pages
Add to cartSplunk Core User Certification questions with correct answers
MODULE 1: WHAT IS MACHINE DATA - Machine data makes up for more than ___% of the data accumulated by organizations. CORRECT ANSWER 90% 
 
MODULE 1: WHAT IS MACHINE DATA - Machine data is always structured. CORRECT ANSWER False 
 
MODULE 1: WHAT IS MACHINE DATA - Machine data is only generated by web...
Preview 2 out of 7 pages
Add to cartMODULE 1: WHAT IS MACHINE DATA - Machine data makes up for more than ___% of the data accumulated by organizations. CORRECT ANSWER 90% 
 
MODULE 1: WHAT IS MACHINE DATA - Machine data is always structured. CORRECT ANSWER False 
 
MODULE 1: WHAT IS MACHINE DATA - Machine data is only generated by web...
Which one of the following statements about the search command is true? CORRECT ANSWER It behaves exactly like search strings before the first pipe. 
 
Which of the following actions can the eval command perform? CORRECT ANSWER Create or replace an existing field. 
 
When can a pipe follow a macro? ...
Preview 3 out of 23 pages
Add to cartWhich one of the following statements about the search command is true? CORRECT ANSWER It behaves exactly like search strings before the first pipe. 
 
Which of the following actions can the eval command perform? CORRECT ANSWER Create or replace an existing field. 
 
When can a pipe follow a macro? ...
Which one of the following statements about the search command is true? 
 
A. It does not allow the use of wildcards. 
B. It treats field values in a case-sensitive manner. 
C. It can only be used at the beginning of the search pipeline. 
D. It behaves exactly like search strings before the first pi...
Preview 3 out of 23 pages
Add to cartWhich one of the following statements about the search command is true? 
 
A. It does not allow the use of wildcards. 
B. It treats field values in a case-sensitive manner. 
C. It can only be used at the beginning of the search pipeline. 
D. It behaves exactly like search strings before the first pi...
Selected fields are displayed ________ each event in the results. 
 
a. below 
b. interesting fields 
c. other fields 
d. above CORRECT ANSWER a. below 
 
Search terms are not case sensitive. (T/F) CORRECT ANSWER True 
 
These two searches will NOT return the same results. 
SEARCH 1:login failure S...
Preview 3 out of 22 pages
Add to cartSelected fields are displayed ________ each event in the results. 
 
a. below 
b. interesting fields 
c. other fields 
d. above CORRECT ANSWER a. below 
 
Search terms are not case sensitive. (T/F) CORRECT ANSWER True 
 
These two searches will NOT return the same results. 
SEARCH 1:login failure S...
Splunk SPLK-1002 questions with correct answers
Preview 3 out of 17 pages
Add to cartSplunk SPLK-1002 questions with correct answers
SPLUNK SPLK – 1002 questions with correct answers
Preview 4 out of 33 pages
Add to cartSPLUNK SPLK – 1002 questions with correct answers
Calculated fields can be based on which of the following? 
 
A. Tags 
B. Extracted fields 
C. Output fields for a lookup 
D. Fields generated from a search string CORRECT ANSWER Extracted fields 
 
Which of the following eval command functions is valid? 
 
A. int( ) 
B. count( ) 
C. print( ) 
D. tos...
Preview 4 out of 46 pages
Add to cartCalculated fields can be based on which of the following? 
 
A. Tags 
B. Extracted fields 
C. Output fields for a lookup 
D. Fields generated from a search string CORRECT ANSWER Extracted fields 
 
Which of the following eval command functions is valid? 
 
A. int( ) 
B. count( ) 
C. print( ) 
D. tos...
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Stuvia is a marketplace, so you are not buying this document from us, but from seller cracker. Stuvia facilitates payment to the seller.
No, you only buy these notes for $55.99. You're not tied to anything after your purchase.
4.6 stars on Google & Trustpilot (+1000 reviews)
71947 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now