Question 1

Universal forwarder is recommended for forwarding the logs to indexers.

Accepted Answer

A) True 
 B)False

Question 2

Which of the following file types is an option for exporting Splunk search results?

Accepted Answer

A)   PDF
B)   JSON
C)   XLS
D)   RTFE) A) and B)
F) All of the above

Question 3

Which search will return the 15 least common field values for the dest_ip field?

Accepted Answer

A)   sourcetype=firewall | rare num=15 dest_ip
B)   sourcetype=firewall | rare last=15 dest_ip
C)   sourcetype=firewall | rare count=15 dest_ip
D)   sourcetype=firewall | rare limit=15 dest_ipE) B) and C)
F) B) and D)

Question 4

Which is the default app for Splunk Enterprise?

Accepted Answer

A)   Splunk Enterprise Security Suite
B)   Searching and Reporting
C)   Reporting and Searching
D)   Splunk apps for SecurityE) B) and C)
F) A) and D)

Question 5

After running a search, what effect does clicking and dragging across the timeline have?

Accepted Answer

A)   Executes a new search.
B)   Filters current search results.
C)   Moves to past or future events.
D)   Expands the time range of the search.E) None of the above
F) All of the above

Question 6

Which of the following describes lookup files?

Accepted Answer

A)   Lookup fields cannot be used in searches.
B)   Lookups contain static data available in the index.
C)   Lookups add more fields to results returned by a search.
D)   Lookups pull data at index time and add them to search results.E) A) and B)
F) A) and C)

Question 7

Which search would return events from the access_combined sourcetype?

Accepted Answer

A)   Sourcetype=access_combined
B)   Sourcetype=Access_Combined
C)   sourcetype=Access_Combined
D)   SOURCETYPE=access_combinedE) None of the above
F) B) and C)

Exam 1: Splunk Core Certified User

Universal forwarder is recommended for forwarding the logs to indexers.

Correct Answer
verified

Which is the default app for Splunk Enterprise?

Correct Answer
verified

After running a search, what effect does clicking and dragging across the timeline have?

Correct Answer
verified

Which search would return events from the access_combined sourcetype?

Correct Answer
verified

Which of the following file types is an option for exporting Splunk search results?

Correct Answer
verified

Which search will return the 15 least common field values for the dest_ip field?

Correct Answer
verified

Which of the following describes lookup files?

Correct Answer
verified

Exam 1: Splunk Core Certified User

Universal forwarder is recommended for forwarding the logs to indexers.

Correct AnswerverifiedShow Answer

Which is the default app for Splunk Enterprise?

Correct AnswerverifiedShow Answer

After running a search, what effect does clicking and dragging across the timeline have?

Correct AnswerverifiedShow Answer

Which search would return events from the access_combined sourcetype?

Correct AnswerverifiedShow Answer

Which of the following file types is an option for exporting Splunk search results?

Correct AnswerverifiedShow Answer

Which search will return the 15 least common field values for the dest_ip field?

Correct AnswerverifiedShow Answer

Which of the following describes lookup files?

Correct AnswerverifiedShow Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified