SPLK-1001試験無料問題集（245題）「Splunk Core Certified User 認定」

出題：1

Which search string matches only events with the status_code of 4:4?

A. status code>403 status_code<405

B. status_code !=404

C. status_code>=400

D. status_code<=404

正解：A 解答を投票する

出題：2

What does the stats command do?

A. Calculates statistics on data that matches the search criteria

B. Converts field values into numerical values

C. Analyzes numerical fields for their ability to predict another discrete field

D. Automatically correlates related fields

正解：A 解答を投票する

出題：3

Which statement describes field discovery at search time?

A. Splunk automatically discovers only fields directly related to the search results

B. Splunk automatically discovers only manually configured fields

C. Splunk automatically discovers only numeric fields

D. Splunk automatically discovers only alphanumeric fields

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

What must be done before an automatic lookup can be created? (select all that apply)

A. The lookup definition must be created.

B. The lookup command must be used.

C. The lookup file must be verified using the inputlookup command.

D. The lookup file must be uploaded to Splunk.

正解：A 解答を投票する

出題：5

What is a suggested Splunk best practice for naming reports?

A. Any naming convention is fine as long as you keep an external spreadsheet to keep track.

B. Use a consistent naming convention so they are easily separated by characteristics such as group and object.

C. Name reports as uniquely as possible with no overlap to differentiate them from one another.

D. Reports are best named using many numbers so they can be more easily sorted.

正解：B 解答を投票する

出題：6

What result will you get with following search index=test sourcetype="The_Questionnaire_P*" ?

A. the_questionnaire _pedia

B. the_questionnaire pedia

C. the_questionnaire Pedia

D. the_questionnaire_pedia

正解：D 解答を投票する

出題：7

Which command will rename action to Customer Action?

A. | rename Action as "Customer Action"

B. | rename action as "Customer Action"

C. | rename Action to "Customer Action"

D. | rename action = CustomerAction

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which statement is true about Splunk alerts?

A. Alerts are based on searches and when triggered will only send an email notification.

B. Alerts are based on searches that are run exclusively as real-time.

C. Alerts are based on searches that are either run on a scheduled interval or in real-time.

D. Alerts are based on searches and require cron to run on scheduled interval.

正解：C 解答を投票する

出題：9

Which Field/Value pair will return only events found in the index named security?

A. Index=Security

B. index!=Security

C. Index=security

D. index=Security

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which Boolean operator is always implied between two search terms, unless otherwise specified?

A. AND

B. NOT

C. OR

D. XOR

正解：A 解答を投票する

出題：11

What will always appear in the Selected Fields list?

A. sourcetype

B. clientip

C. action

D. index

正解：A 解答を投票する

出題：12

Data sources being opened and read applies to:

A. Parsing Phase

B. Input Phase

C. None of the above

D. Indexing Phase

E. License Metering

正解：B 解答を投票する

出題：13

What is the correct syntax to count the number of events containing a vendor_action field?

A. count stats vendor_action

B. stats vendor_action (count)

C. stats count (vendor_action)

D. count stats (vendor_action)

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

What is the proper SPL terminology for specifying a particular index in a search?

A. indexer name-index_name

B. index name=index_name

C. indexer-index_name

D. index=index_name

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-1001試験無料問題集「Splunk Core Certified User 認定」