Demo Questions

Question 1
Which command is used to review the contents of a specified static lookup file?
  1. lookup
  2. csvlookup
  3. inputlookup
  4. outputlookup
Correct answer: C
Question 2
A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?
  1. An app
  2. JSON
  3. A role
  4. An enhanced solution
Correct answer: A
Question 3
Which statement is true about Splunk alerts?
  1. Alerts are based on searches that are either run on a scheduled interval or in real-time.
  2. Alerts are based on searches and when triggered will only send an email notification.
  3. Alerts are based on searches and require cron to run on scheduled interval.
  4. Alerts are based on searches that are run exclusively as real-time.
Correct answer: A
Question 4
What is the purpose of using a by clause with the stats command?
  1. To group the results by one or more fields.
  2. To compute numerical statistics on each field.
  3. To specify how the values in a list are delimited.
  4. To partition the input data based on the split-by fields.
Correct answer: A
Question 5
Which of the following searches will return results where fail, 400, and error exist in every event?
  1. error AND (fail AND 400)
  2. error OR (fail and 400)
  3. error AND (fail OR 400)
  4. error OR fail OR 400
Correct answer: C
Question 6
When placed early in a search, which command is most effective at reducing search execution time?
  1. dedup
  2. rename
  3. sort -
  4. fields +
Correct answer: A
Question 7
Which of the following is the most efficient filter for running searches in Splunk?
  1. Time
  2. Fast mode
  3. Sourcetype
  4. Selected Fields
Correct answer: C
Question 8
When a Splunk search generates calculated data that appears in the Statistics tab, in what formats can the results be exported? 
  3. Raw Events, XML, JSON
  4. Raw Events, CSV, XML, JSON
Correct answer: B
Question 9
What does the stats command do?
  1. Automatically correlates related fields.
  2. Converts field values into numerical values.
  3. Calculates statistics on data that matches the search criteria.
  4. Analyzes numerical fields for their ability to predict another discrete field.
Correct answer: C
Question 10
Which is primary function of the timeline located under the search bar?
  1. To differentiate between structured and unstructured events in the data.
  2. To sort the events returned by the search command in chronological order.
  3. To zoom in and zoom out, although this does not change the scale of the chart.
  4. To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.
Correct answer: D

