Exam Splunk Core Certified Power User
Number SPLK-1002
File Name Splunk Core Certified Power User.test4prep.SPLK-1002.2020-06-09.1e.25q.vcex
Size 173 Kb
Posted June 09, 2020
Demo Questions

Question 1
Which one of the following statements about the search command is true?

  • A: It does not allow the use of wildcards.
  • B: It treats field values in a case-sensitive manner.
  • C: It can only be used at the beginning of the search pipeline. 
  • D: It behaves exactly like search strings before the first pipe.

Question 2
Data models are composed of one or more of which of the following datasets? (Choose all that apply.)

  • A: Events datasets
  • B: Search datasets
  • C: Transaction datasets
  • D: Any child of event, transaction, and search datasets

Question 3
Which group of users would most likely use pivots?

  • A: Users
  • B: Architects
  • C: Administrators
  • D: Knowledge Managers

Question 4
Based on the macro definition shown below, what is the correct way to execute the macro in a search string? 


  • A: "convert_sales(euro,€,.79)"
  • B: 'convert_sales(euro,€,.79)'
  • C: "convert_sales($euro$,$€$,$.79$)"
  • D: 'convert_sales($euro$,$€$,$.79$)'

Question 5
There are several ways to access the field extractor. Which option automatically identifies the data type, source type, and sample event?

  • A: Event Actions > Extract Fields
  • B: Fields sidebar > Extract New Fields
  • C: Settings > Field Extractions > New Field Extraction
  • D: Settings > Field Extractions > Open Field Extractor

Question 6
Which of the following statements describe the Common Information Model (CIM)? (Choose all that apply.)

  • A: CIM is a methodology for normalizing data.
  • B: CIM can correlate data from different sources.
  • C: The Knowledge Manager uses the CIM to create knowledge objects.
  • D: CIM is an app that can coexist with other apps on a single Splunk deployment.

Question 7
What do events in a transaction have in common?

  • A: All events in a transaction must have the same timestamp.
  • B: All events in a transaction must have the same sourcetype.
  • C: All events in a transaction must have the exact same set of fields.
  • D: All events in a transaction must be related by one or more fields.

Question 8
Which delimiters can the Field Extractor (FX) detect? (Choose all that apply.)

  • A: Tabs
  • B: Pipes
  • C: Spaces
  • D: Commas

Question 9
A data model consists of which three types of datasets?

  • A: Constraint, field, value.
  • B: Events, searches, transactions.
  • C: Field extraction, regex, delimited.
  • D: Transaction, session ID, metadata.

Question 10
Which of the following statements describe calculated fields? (Choose all that apply.)

  • A: Calculated fields can be used in the search bar. 
  • B: Calculated fields can be based on an extracted field.
  • C: Calculated fields can only be applied to host and sourcetype.
  • D: Calculated fields are shortcuts for performing calculations using the eval command.



