getcertified4sure.com

SPLK-1001 Exam

Up To Date SPLK-1001 Free Practice Questions For Splunk Core Certified User Exam Certification

It is impossible to pass the Splunk SPLK-1001 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Splunk SPLK-1001 practice questions. You will get a surprising result from our most recent Splunk Core Certified User Exam practice guides.

Online Splunk SPLK-1001 free dumps demo below:

NEW QUESTION 1
Matching search terms are highlighted.

  • A. Yes
  • B. No

Answer: A

NEW QUESTION 2
Log filtering/parsing can be done from _____.

  • A. Index Forwarders (IF)
  • B. Universal Forwarders (UF)
  • C. Super Forwarder (SF)
  • D. Heavy Forwarders (HF)

Answer: D

NEW QUESTION 3
Which of the following is a Splunk search best practice?

  • A. Filter as early as possible.
  • B. Never specify more than one index.
  • C. Include as few search terms as possible.
  • D. Use wildcards to return more search results.

Answer: A

NEW QUESTION 4
Which search matches the events containing the terms “error” and “fail”?

  • A. index=security Error Fail
  • B. index=security error OR fail
  • C. index=security “error failure”
  • D. index=security NOT error NOT fail

Answer: B

NEW QUESTION 5
Which of the following searches will return results where fail, 400, and error exist in every event?

  • A. error AND (fail AND 400)
  • B. error OR (fail and 400)
  • C. error AND (fail OR 400)
  • D. error OR fail OR 400

Answer: C

NEW QUESTION 6
What options do you get after selecting timeline? (Choose four.)

  • A. Zoom to selection
  • B. Format Timeline
  • C. Deselect
  • D. Delete
  • E. Zoom Out

Answer: ABCE

NEW QUESTION 7
Which of the following statements are correct about a Heavy Forwarder (HF)? (Choose three.)

  • A. Parsing
  • B. Masking
  • C. Searching
  • D. Forwarding

Answer: ABD

NEW QUESTION 8
Which is the primary function of the timeline located under the search bar?

  • A. To differentiate between structured and unstructured events in the data.
  • B. To sort the events returned by the search command in chronological order.
  • C. To zoom in and zoom out, although this does not change the scale of the chart.
  • D. To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.

Answer: D

NEW QUESTION 9
What is Splunk?

  • A. Splunk is a software platform to search, analyze and visualize the machine-generated data.
  • B. Database management tool.
  • C. Security Information and Event Management (SIEM).
  • D. Cloud-based application that helps in analyzing logs.

Answer: A

NEW QUESTION 10
There are three different search modes in Splunk (Choose three.):

  • A. Automatic
  • B. Smart
  • C. Fast
  • D. Verbose

Answer: BCD

NEW QUESTION 11
Which stats command function provides a count of how many unique values exist for a given field in the result set?

  • A. dc(field)
  • B. count(field)
  • C. count-by(field)
  • D. distinct-count(field)

Answer: A

NEW QUESTION 12
What can be included in the All Fields option in the sidebar?

  • A. Dashboards
  • B. Metadata only
  • C. Non-interesting fields
  • D. Field descriptions

Answer: D

NEW QUESTION 13
Which of the following is a best practice when writing a search string?

  • A. Include all formatting commands before any search terms.
  • B. Include at least one function as this is a search requirement.
  • C. Include the search terms at the beginning of the search string.
  • D. Avoid using formatting clauses, as they add too much overhead.

Answer: D

NEW QUESTION 14
After running a search, what effect does clicking and dragging across the timeline have?

  • A. Executes a new search.
  • B. Filters current search results.
  • C. Moves to past or future events.
  • D. Expands the time range of the search.

Answer: C

NEW QUESTION 15
Three basic components of Splunk are (Choose three.):

  • A. Forwarders
  • B. Deployment Server
  • C. Indexer
  • D. Knowledge Objects
  • E. Index
  • F. Search Head

Answer: ACF

NEW QUESTION 16
How can another user gain access to a saved report?

  • A. The owner of the report can edit permissions from the Edit dropdown.
  • B. Only users with an Admin or Power User role can access other users’ reports.
  • C. Anyone can access any reports marked as public within a shared Splunk deployment.
  • D. The owner of the report must clone the original report and save it to their user account.

Answer: A

NEW QUESTION 17
The Data Summary button just below the search bar gives you the following (Choose three.):

  • A. Hosts
  • B. Sourcetypes
  • C. Sources
  • D. Indexes

Answer: ABC

NEW QUESTION 18
Which of the following is true about user account settings and preferences?

  • A. Search & Reporting is the only app that can be set as the default application.
  • B. Full names can only be changed by accounts with a Power User or Admin role.
  • C. Time zones are automatically updated based on the setting of the computer accessing Splunk.
  • D. Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

Answer: B

NEW QUESTION 19
Which command is used to review the contents of a specified static lookup file?

  • A. lookup
  • B. csvlookup
  • C. inputlookup
  • D. outputlookup

Answer: C

NEW QUESTION 20
What is the purpose of using a by clause with the stats command?

  • A. To group the results by one or more fields.
  • B. To compute numerical statistics on each field.
  • C. To specify how the values in a list are delimited.
  • D. To partition the input data based on the split-by fields.

Answer: A

NEW QUESTION 21
The Upload option creates inputs.conf.

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 22
What does the following specified time range do?
earliest=-72h@h latest=@d

  • A. Look back 3 days ago and prior.
  • B. Look back 72 hours, up to one day ago.
  • C. Look back 72 hours, up to the end of today.
  • D. Look back from 3 days ago, up to the beginning of today.

Answer: C

NEW QUESTION 23
In the Monitor option, you can select the following options in the GUI.

  • A. Only HTTP Event Collector (HEC) and TCP/UDP
  • B. None of the above
  • C. Only TCP/UDP
  • D. Only Scripts
  • E. Files & Directories, HTTP Event Collector (HEC), TCP/UDP and Scripts

Answer: E

NEW QUESTION 24
......

P.S. Dumpscollection is now offering 100% pass-ensured SPLK-1001 dumps! All SPLK-1001 exam questions have been updated with correct answers: http://www.dumpscollection.net/dumps/SPLK-1001/ (226 New Questions)