©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
Splunk Core Certified User & Splunk
Fundamentals 1 Exam Questions and
Answers 100% Solved
T/F:
Machine data is always structured. - ✔✔False.
Machine data can be structured or unstructured.
Machine data makes up for more than ___% of the data accumulated by
organizations. - ✔✔90
T/F:
Machine data is only generated by web servers. - ✔✔False
Search requests are processed by the ___________. - ✔✔Indexers
Search strings are sent from the _________. - ✔✔Search Head
In most Splunk deployments, ________ serve as the primary way data is
supplied for indexing. - ✔✔Forwarders
Which of these is *not* a main component of Splunk?
,©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
A) Search and investigate.
B) Compress and archive.
C) Add knowledge.
D) Collect and index data. - ✔✔B) Compress and archive
What are the three main processing components of Splunk?
*(Select all that apply.)*
A) Indexers
B) Deployment Maker
C) Search Heads
D) Forwarders
E) Distributors - ✔✔A) Indexers
C) Search Heads
D) Forwarders
_________ define what users can do in Splunk.
A) Tokens
B) Disk permissions
,©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
C) Roles - ✔✔C) Roles
This role will only see their own knowledge objects and those that have
been shared with them.
A) User
B) Power
C) Admin - ✔✔A) User
T/F:
You can launch and manage apps from the home app. - ✔✔True
What are the three main default roles in Splunk Enterprise?
*(Select all that apply.)*
A) King
B) User
C) Manager
D) Admin
E) Power - ✔✔B) User
D) Admin
, ©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
E) Power
Which apps ship with Splunk Enterprise?
*(Select all that apply.)*
A) Home App
B) Sideview Utils
C) Search & Reporting
D) DB Connect - ✔✔A) Home App
C) Search & Reporting
The default username and password for a newly installed Splunk instance
is:
A) username and password
B) admin and changeme
C) admin and 12345
D) buttercup and rawks - ✔✔B) admin and changeme
Files indexed using the *upload* input option get indexed _____.
A) Each time Splunk restarts.
Splunk Core Certified User & Splunk
Fundamentals 1 Exam Questions and
Answers 100% Solved
T/F:
Machine data is always structured. - ✔✔False.
Machine data can be structured or unstructured.
Machine data makes up for more than ___% of the data accumulated by
organizations. - ✔✔90
T/F:
Machine data is only generated by web servers. - ✔✔False
Search requests are processed by the ___________. - ✔✔Indexers
Search strings are sent from the _________. - ✔✔Search Head
In most Splunk deployments, ________ serve as the primary way data is
supplied for indexing. - ✔✔Forwarders
Which of these is *not* a main component of Splunk?
,©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
A) Search and investigate.
B) Compress and archive.
C) Add knowledge.
D) Collect and index data. - ✔✔B) Compress and archive
What are the three main processing components of Splunk?
*(Select all that apply.)*
A) Indexers
B) Deployment Maker
C) Search Heads
D) Forwarders
E) Distributors - ✔✔A) Indexers
C) Search Heads
D) Forwarders
_________ define what users can do in Splunk.
A) Tokens
B) Disk permissions
,©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
C) Roles - ✔✔C) Roles
This role will only see their own knowledge objects and those that have
been shared with them.
A) User
B) Power
C) Admin - ✔✔A) User
T/F:
You can launch and manage apps from the home app. - ✔✔True
What are the three main default roles in Splunk Enterprise?
*(Select all that apply.)*
A) King
B) User
C) Manager
D) Admin
E) Power - ✔✔B) User
D) Admin
, ©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
E) Power
Which apps ship with Splunk Enterprise?
*(Select all that apply.)*
A) Home App
B) Sideview Utils
C) Search & Reporting
D) DB Connect - ✔✔A) Home App
C) Search & Reporting
The default username and password for a newly installed Splunk instance
is:
A) username and password
B) admin and changeme
C) admin and 12345
D) buttercup and rawks - ✔✔B) admin and changeme
Files indexed using the *upload* input option get indexed _____.
A) Each time Splunk restarts.
