SPLUNK 1002 TEST

Description

Quiz by David OkOk, updated 5 months ago
Created by David OkOk 8 months ago

Resource Summary

Question 1

Question
1.- Using the export function, you can export search results as __________. (Select all that apply.)
Answer
  • Xml
  • Json
  • Html
  • A php file

Question 2

Question
2.- The fields sidebar does not show ________. (Select all that apply.)
Answer
  • interesting fields
  • selected fields
  • all extracted fields

Question 3

Question
3.- Splunk alerts can be based on searches that run ______. (Select all that apply.)
Answer
  • in real-time
  • on a regular schedule
  • and have no matching events

Question 4

Question
4.- Alert throttling is used to _______.
Answer
  • verify each alert
  • stagger search requests in a time-sequenced order
  • stop spamming yourself with alerts
  • check severity

Question 5

Question
5.- A real-time alert is ______________.
Answer
  • A scheduled alert
  • constantly running in the background

Question 6

Question
6.- This tab shows you the event patterns in the results of a specific search.
Answer
  • statistics
  • visualization
  • patterns

Question 7

Question
7.- Which of the following about reports is/are true?
Answer
  • Reports are knowledge objects.
  • Reports can be scheduled.
  • Reports can run a script.
  • All of the above.

Question 8

Question
8.- Select this in the fields sidebar to automatically pipe your search results to the rare command.
Answer
  • events with this field
  • rare values
  • top values by time
  • top values

Question 9

Question
9.- A report scheduled to run every 15 minutes but that takes 17 minutes to complete is in danger of being _____.
Answer
  • skipped or deferred
  • automatically accelerated
  • deleted
  • all of the above

Question 10

Question
10.- Which of the following are valid options to speed up reports? (Select all that apply.)
Answer
  • Edit permissions
  • Edit description
  • Edit acceleration
  • Edit schedule

Question 11

Question
11.- Which of the following statements are true for this search? (Select all that apply.) SEARCH: sourcetype=access* | fields action productId status
Answer
  • is looking for all events that include the search terms: fields AND action AND productId AND status
  • uses the table command to improve performance
  • limits the fields that are extracted
  • returns a table with 3 columns

Question 12

Question
12.- Use the dedup command to _____.
Answer
  • Rename a field in the index
  • remove duplicate values
  • Provide an additional alias for the field that can be used in the search criteria

Question 13

Question
13.- We can use the rename command to _____. (Select all that apply.)
Answer
  • Change indexed fields
  • Exclude fields from our search results
  • Extract new fields from our data using regular expressions
  • Give a field a new name at search time

Question 14

Question
14.- The limit attribute will ___________.
Answer
  • override default of 10
  • only work with top command
  • override default of 20
  • override default of 15

Question 15

Question
15.- This function of the stats command allows you to identify the number of values a field has.
Answer
  • max
  • distinct_count
  • fields
  • count

Question 16

Question
16.- This function of the stats command allows you to return the sample standard deviation of a field.
Answer
  • stdev
  • dev
  • count deviation
  • by standarddev

Question 17

Question
17.- Which of the following commands will show the maximum bytes?
Answer
  • sourcetype=access_* | maximum totals by bytes
  • sourcetype=access_* | avg (bytes)
  • sourcetype=access_* | stats max(bytes)
  • sourcetype=access_* | max(bytes)

Question 18

Question
18.- Which of the following searches will show the number of categoryId used by each host?
Answer
  • Sourcetype=access_* | sum bytes by host
  • Sourcetype=access_* | stats sum(categoryId) by host
  • Sourcetype=access_* | sum(bytes) by host
  • Sourcetype=access_* | stats sum by host

Question 19

Question
19.- Sourcetype=access_* | stats sum by host
Answer
  • Rex
  • As
  • List
  • By

Question 20

Question
20.- This function of the stats command allows you to return the middle-most value of field X.
Answer
  • Median(X)
  • Eval by X
  • Fields(X)
  • Values(X)

Question 21

Question
21.- When a search returns __________, you can view the results as a list.
Answer
  • a list of events
  • transactions
  • statistical values

Question 22

Question
22.- Clicking a SEGMENT on a chart ________.
Answer
  • drills down for that value
  • highlights the field value across the chart
  • adds the highlighted value to the search criteria

Question 23

Question
23.- Use this command to use lookup fields in a search and see the lookup fields in the fields sidebar.
Answer
  • inputlookup
  • lookup

Question 24

Question
24.- It is mandatory for the lookup file to have this for an automatic lookup to work.
Answer
  • Source type
  • At least five columns
  • Timestamp
  • Input field

Question 25

Question
25.- These users can create global knowledge objects. (Select all that apply.)
Answer
  • users
  • power users
  • administrators

Question 26

Question
26.- This is what Splunk uses to categorize the data that is being indexed.
Answer
  • sourcetype
  • index
  • source
  • host

Question 27

Question
27.- This is what Splunk uses to categorize the data that is being indexed.
Answer
  • Host
  • Sourcetype
  • Index
  • Source

Question 28

Question
28.- By default, search results are not returned in ________ order.
Answer
  • Chronological
  • Reverse chronological
  • ASCII
  • Alphabetical

Question 29

Question
29.- The stats command will create a _____________ by default.
Answer
  • Table
  • Report
  • Pie chart

Question 30

Question
30.- Which is not a comparison operator in Splunk?
Answer
  • <=
  • =
  • !=
  • >
  • ?=

Question 31

Question
31.- Which of the following is NOT a stats function?
Answer
  • sum
  • addtotals
  • count
  • avg

Question 32

Question
32.- If a search returns ____________, it can be viewed as a chart.
Answer
  • timestamps
  • statistics
  • events
  • keywords

Question 33

Question
33.- In this search, __________ will appear on the y-axis. SEARCH: sourcetype=access_combined status!=200 | chart count over host
Answer
  • status
  • host
  • count

Question 34

Question
34.- The timechart command buckets data in time intervals depending on:
Answer
  • the number of events returned
  • the selected time range
  • the type of visualization selected

Question 35

Question
35.- Which of these search strings is NOT valid?
Answer
  • index=web status=50* | chart count over host, status
  • index=web status=50* | chart count over host by status
  • index=web status=5-* | chart count by host, status

Question 36

Question
36.- Which command is used to create choropleth maps?
Answer
  • geostats
  • cluster
  • geom

Question 37

Question
37.- Which of the following are valid options with the chart command?
Answer
  • useother
  • usenull
  • fillfield
  • usefiled

Question 38

Question
38.- The gauge command:
Answer
  • creates a single-value visualization
  • allows you to set colored ranges for a single-value visualization
  • creates a radial gauge visualization

Question 39

Question
39.- What will you learn from the results of the following search? sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)
Answer
  • The average time elapsed during each transaction for all transactions
  • The average time for each event within each transaction
  • The average time between each transaction

Question 40

Question
40.- Which of these is NOT a field that is automatically created with the transaction command?
Answer
  • maxcount
  • duration
  • eventcount

Question 41

Question
41.- How many ways are there to access the Field Extractor Utility?
Answer
  • 3
  • 4
  • 1
  • 5

Question 42

Question
42.- When extracting fields, we may choose to use our own regular expressions.
Answer
  • True
  • False

Question 43

Question
43.- Field aliases are used to __________ data.
Answer
  • clean
  • transform
  • calculate
  • normalize

Question 44

Question
44.- What is the correct way to name a macro with two arguments?
Answer
  • us_sales2
  • us_sales(1,2)
  • us_sale,2
  • us_sales(2)

Question 45

Question
45.- When using a field value variable with a Workflow Action, which punctuation mark will escape the data?
Answer
  • *
  • !
  • ^
  • #

Question 46

Question
46.- __________ datasets can be added to a root dataset to narrow down the search.
Answer
  • parent
  • extracted
  • event
  • child

Question 47

Question
47.- Which function should you use with the transaction command to set the maximum total time between the earliest and latest events returned?
Answer
  • maxpause
  • endswith
  • maxduration
  • maxspan

Question 48

Question
48.- The eval command 'if' function requires the following three arguments (in order):
Answer
  • Boolean expression, result if true, result if false
  • Result if true, result if false, boolean expression
  • Result if false, result if true, boolean expression
  • Boolean expression, result if false, result if true

Question 49

Question
49.- Which search would limit an "alert" tag to the "host" field?
Answer
  • tag=alert
  • host::tag::alert
  • tag==alert
  • tag::host=alert

Question 50

Question
50.- The transaction command allows you to __________ events across multiple sources.
Answer
  • duplicate
  • correlate
  • persist
  • tag

Question 51

Question
51.- Which of the following commands are used when creating visualizations? (Select all that apply.)
Answer
  • Geom
  • Choropleth
  • Geostats
  • iplocation

Question 52

Question
52.- For choropleth maps, Splunk ships with the following KMZ files. (Select all that apply.)
Answer
  • States of the United States
  • States and provinces of the United States and Canada
  • Countries of the European Union
  • Countries of the World

Question 53

Question
53.- Complete the search: … | _____ failure>successes
Answer
  • Search
  • Where
  • If
  • Any of the above

Question 54

Question
54.- These kinds of charts represent a series in a single bar with multiple sections.
Answer
  • Multi-Series
  • Split-Series
  • Omit nulls
  • Stacked

Question 55

Question
55.- When using a split series on a chart, the series MUST be displayed using the STACKED option.
Answer
  • True
  • False

Question 56

Question
56.- Which of the following are valid options with the chart command? (Select all that apply.)
Answer
  • usenull=f
  • useother=f
  • split=t
  • transcation=t

Question 57

Question
57.- This role is required to install the CIM Add-on.
Answer
  • ADMIN
  • POWER
  • USER

Question 58

Question
58.- The Splunk CIM Add-on includes data models in a __________ format. Select your answer.
Answer
  • MySQL
  • XML
  • JSON

Question 59

Question
59.- These allow you to categorize events based on search terms. Select your answer.
Answer
  • Groups
  • Event Types
  • Macros
  • Tags

Question 60

Question
60.- In the Field Extractor Utility, this button will display events that do not contain extracted fields. Select your answer.
Answer
  • Selected-Fields
  • Non-Matches
  • Non-Extractions
  • Matches