SPLUNK CORE CERTIFIED USER & SPLUNK FUNDAMENTALS 1 STUDY GUIDE EXAM 2023
T/F:
Machine data is always structured. - False.
Machine data can be structured or unstructured.
Machine data makes up for more than % of the data accumulated by organizations.
- 90
T/F:
Machine data is only generated by web servers. - False
Search requests are processed by the . - Indexers
Search strings are sent from the . - Search Head
In most Splunk deployments, serve as the primary way data is supplied for indexing. - Forwarders
Which of these is *not* a main component of Splunk?
A) Search and
investigate. B)
Compress and archive.
C) Add knowledge.
D) Collect and index data. - B) Compress and archive
What are the three main processing components of Splunk?
*(Select all that apply.)*
A)Indexers
B)Deployment Maker C) Search Heads
D)Forwarders
E)Distributors - A) Indexers C) Search Heads
D) Forwarders define what users can do in Splunk. A)Tokens
B)Disk permissions C) Roles - C) Roles
This role will only see their own knowledge objects and those that have been shared with them.
A) User B) Power
C) Admin - A) User
T/F:
You can launch and manage apps from the home app. - True
What are the three main default roles in Splunk Enterprise?
*(Select all that apply.)*
A) King B) User
C) Manager D) Admin
E) Power - B) User D) Admin
E) Power
Which apps ship with Splunk Enterprise?
*(Select all that apply.)*
A) Home App B) Sideview Utils
C)Search & Reporting
D)DB Connect - A) Home App C) Search & Reporting
The default username and password for a newly installed Splunk instance is:
A) username and password B) admin and changeme C) admin and 12345
D) buttercup and rawks - B) admin and changeme Files indexed using the *upload* input option get indexed .
A)Each time Splunk restarts. B)Every hour.
C)On every search.
D)Once. - D) Once.
T/F:
The monitor input option will allow you to continuously monitor files. - True
Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.
A) Line breaks B) Source types
C) File names - B) Source types
Splunk uses to categorize the type of data being indexed. - sourcetype
In most production environments, will be used as your the source of data input. - Forwarders
How is the *asterisk* used in Splunk search?
A)As a wildcard.
B)To make a nose for your clown emoticon. C) As a place holder.
D) To add up numbers. - A) As a wildcard.
Which following search mode toggles behavior based on the type of search being run?
A) Smart B) Fast
C) Verbose - A) Smart
T/F:
When zooming in on the event time line, a new search is run. - False
T/F:
These searches will return the same results...
failed password
failed AND password - True
A search job will remain active for minutes after it is run.
T/F:
Machine data is always structured. - False.
Machine data can be structured or unstructured.
Machine data makes up for more than % of the data accumulated by organizations.
- 90
T/F:
Machine data is only generated by web servers. - False
Search requests are processed by the . - Indexers
Search strings are sent from the . - Search Head
In most Splunk deployments, serve as the primary way data is supplied for indexing. - Forwarders
Which of these is *not* a main component of Splunk?
A) Search and
investigate. B)
Compress and archive.
C) Add knowledge.
D) Collect and index data. - B) Compress and archive
What are the three main processing components of Splunk?
*(Select all that apply.)*
A)Indexers
B)Deployment Maker C) Search Heads
D)Forwarders
E)Distributors - A) Indexers C) Search Heads
D) Forwarders define what users can do in Splunk. A)Tokens
B)Disk permissions C) Roles - C) Roles
This role will only see their own knowledge objects and those that have been shared with them.
A) User B) Power
C) Admin - A) User
T/F:
You can launch and manage apps from the home app. - True
What are the three main default roles in Splunk Enterprise?
*(Select all that apply.)*
A) King B) User
C) Manager D) Admin
E) Power - B) User D) Admin
E) Power
Which apps ship with Splunk Enterprise?
*(Select all that apply.)*
A) Home App B) Sideview Utils
C)Search & Reporting
D)DB Connect - A) Home App C) Search & Reporting
The default username and password for a newly installed Splunk instance is:
A) username and password B) admin and changeme C) admin and 12345
D) buttercup and rawks - B) admin and changeme Files indexed using the *upload* input option get indexed .
A)Each time Splunk restarts. B)Every hour.
C)On every search.
D)Once. - D) Once.
T/F:
The monitor input option will allow you to continuously monitor files. - True
Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.
A) Line breaks B) Source types
C) File names - B) Source types
Splunk uses to categorize the type of data being indexed. - sourcetype
In most production environments, will be used as your the source of data input. - Forwarders
How is the *asterisk* used in Splunk search?
A)As a wildcard.
B)To make a nose for your clown emoticon. C) As a place holder.
D) To add up numbers. - A) As a wildcard.
Which following search mode toggles behavior based on the type of search being run?
A) Smart B) Fast
C) Verbose - A) Smart
T/F:
When zooming in on the event time line, a new search is run. - False
T/F:
These searches will return the same results...
failed password
failed AND password - True
A search job will remain active for minutes after it is run.
