SPLUNK 1002 TEST

Description

Quiz by David OkOk, updated 5 months ago
Created by David OkOk 8 months ago

Resource summary

Question 1

Question
1.- Using the export function, you can export search results as __________. (Select all that apply.)
Answers
  • Xml
  • Json
  • Html
  • A php file

Question 2

Question
2.- The fields sidebar does not show ________. (Select all that apply.)
Answers
  • interesting fields
  • selected fields
  • all extracted fields

Question 3

Question
3.- Splunk alerts can be based on searches that run ______. (Select all that apply.)
Answers
  • in real-time
  • on a regular schedule
  • and have no matching events

Question 4

Question
4.- Alert throttling is used to _______.
Answers
  • verify each alert
  • stagger search requests in a time-sequenced order
  • stop spamming yourself with alerts
  • check severity

Question 5

Question
5.- A real-time alert is ______________.
Answers
  • A scheduled alert
  • constantly running in the background

Question 6

Question
6.- This tab shows you the event patterns in the results of a specific search.
Answers
  • statistics
  • visualization
  • patterns

Question 7

Question
7.- Which of the following about reports is/are true?
Answers
  • Reports are knowledge objects.
  • Reports can be scheduled.
  • Reports can run a script.
  • All of the above.

Question 8

Question
8.- Select this in the fields sidebar to automatically pipe your search results to the rare command.
Answers
  • events with this field
  • rare values
  • top values by time
  • top values

Question 9

Question
9.- A report scheduled to run every 15 mins. but that takes 17 mins. to complete is in danger of being _____.
Answers
  • skipped or deferred
  • automatically accelerated
  • deleted
  • all of the above

Question 10

Question
10.- Which of the following are valid options to speed up reports? (Select all that apply.)
Answers
  • Edit permissions
  • Edit description
  • Edit acceleration
  • Edit schedule

Question 11

Question
11.- Which of the following statements are true for this search? (Select all that apply.) SEARCH: sourcetype=access* | fields action productId status
Answers
  • is looking for all events that include the search terms: fields AND action AND productId AND status
  • uses the table command to improve performance
  • limits the fields that are extracted
  • returns a table with 3 columns

Question 12

Question
12.- Use the dedup command to _____.
Answers
  • Rename a field in the index
  • remove duplicate values
  • Provide an additional alias for the field that can be used in the search criteria

Question 13

Question
13.- We can use the rename command to _____. (Select all that apply.)
Answers
  • Change indexed fields
  • Exclude fields from our search results
  • Extract new fields from our data using regular expressions
  • Give a field a new name at search time

Question 14

Question
14.- The limit attribute will ___________.
Answers
  • override default of 10
  • only work with top command
  • override default of 20
  • override default of 15

Question 15

Question
15.- This function of the stats command allows you to identify the number of values a field has.
Answers
  • max
  • distinct_count
  • fields
  • count

Question 16

Question
16.- This function of the stats command allows you to return the sample standard deviation of a field.
Answers
  • stdev
  • dev
  • count deviation
  • by standarddev

Question 17

Question
17.- Which of the following commands will show the maximum bytes?
Answers
  • sourcetype=access_* | maximum totals by bytes
  • sourcetype=access_* | avg (bytes)
  • sourcetype=access_* | stats max(bytes)
  • sourcetype=access_* | max(bytes)

Question 18

Question
18.- Which of the following searches will show the number of categoryId used by each host?
Answers
  • Sourcetype=access_* |sum bytes by host
  • Sourcetype=access_* |stats sum(categoryId) by host
  • Sourcetype=access_* |sum(bytes) by host
  • Sourcetype=access_* |stats sum by host

Question 19

Question
19.- Sourcetype=access_* |stats sum by host
Answers
  • Rex
  • As
  • List
  • By

Question 20

Question
20.- This function of the stats command allows you to return the middle-most value of field X.
Answers
  • Median(X)
  • Eval by X
  • Fields(X)
  • Values(X)

Question 21

Question
21.- When a search returns __________, you can view the results as a list.
Answers
  • a list of events
  • transactions
  • statistical values

Question 22

Question
22.- Clicking a SEGMENT on a chart ________.
Answers
  • drills down for that value
  • highlights the field value across the chart
  • adds the highlighted value to the search criteria

Question 23

Question
23.- Use this command to use lookup fields in a search and see the lookup fields in the fields sidebar.
Answers
  • inputlookup
  • lookup

Question 24

Question
24.- It is mandatory for the lookup file to have this for an automatic lookup to work.
Answers
  • Source type
  • At least five columns
  • Timestamp
  • Input field

Question 25

Question
25.- These users can create global knowledge objects. (Select all that apply.)
Answers
  • users
  • power users
  • administrators

Question 26

Question
26.- This is what Splunk uses to categorize the data that is being indexed.
Answers
  • sourcetype
  • index
  • source
  • host

Question 27

Question
27.- This is what Splunk uses to categorize the data that is being indexed.
Answers
  • Host
  • Sourcetype
  • Index
  • Source

Question 28

Question
28.- By default, search results are not returned in ________ order.
Answers
  • Chronological
  • Reverse chronological
  • ASCII
  • Alphabetical

Question 29

Question
29.- The stats command will create a _____________ by default.
Answers
  • Table
  • Report
  • Pie chart

Question 30

Question
30.- Which is not a comparison operator in Splunk?
Answers
  • <=
  • =
  • !=
  • >
  • ?=

Question 31

Question
31.- Which of the following is NOT a stats function?
Answers
  • sum
  • addtotals
  • count
  • avg

Question 32

Question
32.- If a search returns ____________, it can be viewed as a chart.
Answers
  • timestamps
  • statistics
  • events
  • keywords

Question 33

Question
33.- In this search, __________ will appear on the y-axis. SEARCH: sourcetype=access_combined status!=200 | chart count over host
Answers
  • status
  • host
  • count

Question 34

Question
34.- The timechart command buckets data in time intervals depending on:
Answers
  • the number of events returned
  • the selected time range
  • the type of visualization selected

Question 35

Question
35.- Which of these search strings is NOT valid?
Answers
  • index=web status=50* | chart count over host, status
  • index=web status=50* | chart count over host by status
  • index=web status=5-* | chart count by host, status

Question 36

Question
36.- Which command is used to create choropleth maps?
Answers
  • geostats
  • cluster
  • geom

Question 37

Question
37.- Which of the following are valid options with the chart command?
Answers
  • useother
  • usenull
  • fillfield
  • usefield

Question 38

Question
38.- The gauge command:
Answers
  • creates a single-value visualization
  • allows you to set colored ranges for a single-value visualization
  • creates a radial gauge visualization

Question 39

Question
39.- What will you learn from the results of the following search? sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)
Answers
  • The average time elapsed during each transaction for all transactions
  • The average time for each event within each transaction
  • The average time between each transaction

Question 40

Question
40.- Which of these is NOT a field that is automatically created with the transaction command?
Answers
  • maxcount
  • duration
  • eventcount

Question 41

Question
41.- How many ways are there to access the Field Extractor Utility?
Answers
  • 3
  • 4
  • 1
  • 5

Question 42

Question
42.- When extracting fields, we may choose to use our own regular expressions.
Answers
  • True
  • False

Question 43

Question
43.- Field aliases are used to __________ data.
Answers
  • clean
  • transform
  • calculate
  • normalize

Question 44

Question
44.- What is the correct way to name a macro with two arguments?
Answers
  • us_sales2
  • us_sales(1,2)
  • us_sale,2
  • us_sales(2)

Question 45

Question
45.- When using a field value variable with a Workflow Action, which punctuation mark will escape the data?
Answers
  • *
  • !
  • ^
  • #

Question 46

Question
46.- __________ datasets can be added to a root dataset to narrow down the search.
Answers
  • parent
  • extracted
  • event
  • child

Question 47

Question
47.- Which function should you use with the transaction command to set the maximum total time between the earliest and latest events returned?
Answers
  • maxpause
  • endswith
  • maxduration
  • maxspan

Question 48

Question
48.- The eval command 'if' function requires the following three arguments (in order):
Answers
  • Boolean expression, result if true, result if false
  • Result if true, result if false, boolean expression
  • Result if false, result if true, boolean expression
  • Boolean expression, result if false, result if true

Question 49

Question
49.- Which search would limit an "alert" tag to the "host" field?
Answers
  • tag=alert
  • host::tag::alert
  • tag==alert
  • tag::host=alert

Question 50

Question
50.- The transaction command allows you to __________ events across multiple sources.
Answers
  • duplicate
  • correlate
  • persist
  • tag

Question 51

Question
51.- Which of the following commands are used when creating visualizations? (Select all that apply.)
Answers
  • Geom
  • Choropleth
  • Geostats
  • iplocation

Question 52

Question
52.- For choropleth maps, Splunk ships with the following KMZ files. (Select all that apply.)
Answers
  • States of the United States
  • States and provinces of the United States and Canada
  • Countries of the European Union
  • Countries of the World

Question 53

Question
53.- Complete the search: …. | _____ failure>successes
Answers
  • Search
  • Where
  • If
  • Any of the above

Question 54

Question
54.- These kinds of charts represent a series in a single bar with multiple sections.
Answers
  • Multi-Series
  • Split-Series
  • Omit nulls
  • Stacked

Question 55

Question
55.- When using a split series on a chart, the series MUST be displayed using the STACKED option.
Answers
  • True
  • False

Question 56

Question
56.- Which of the following are valid options with the chart command? (Select all that apply.)
Answers
  • usenull=f
  • useother=f
  • split=t
  • transaction=t

Question 57

Question
57.- This role is required to install the CIM Add-on.
Answers
  • ADMIN
  • POWER
  • USER

Question 58

Question
58.- The Splunk CIM Add-on includes data models in a __________ format. Select your answer.
Answers
  • MySQL
  • XML
  • JSON

Question 59

Question
59.- These allow you to categorize events based on search terms. Select your answer.
Answers
  • Groups
  • Event Types
  • Macros
  • Tags

Question 60

Question
60.- In the Field Extractor Utility, this button will display events that do not contain extracted fields. Select your answer.
Answers
  • Selected-Fields
  • Non-Matches
  • Non-Extractions
  • Matches