EXAM VERIFIED STUDY QUESTIONS AND ANSWERS
The new result after selecting the range by dragging filters the events and displays the most recent first - ANSWER-Which of the statements is correct regarding the click and drag option in the timeline?
Zoom to selection: Narrows the time range and re-executes the search.
Format Timeline: Hides or shows the timeline in different views
Zoom-out: Expands the time focus and re-executes the search - ANSWER-Which of the statements are correct?
False - ANSWER-The default host name used in Inputs general settings cannot be changed.
earliest=
latest= - ANSWER-You can use the following options to specify start and end time for the query range:
True - ANSWER-Zoom Out and Zoom to Selection re-execute the search.
True - ANSWER-Search Assistant is enabled by default in the SPL editor with compact settings.
Indexer - ANSWER-Where does license metering happen?
False - ANSWER-Upload option creates inputs.conf
Files & Directories, HTTP Event Collector (HEC), TCP/UDP and Scripts - ANSWER-In the Monitor option you can select the following options in the GUI.
CLI
Splunk Web
Splunk apps and add-ons
inputs.conf - ANSWER-You can on-board data to Splunk using the following means
Input Phase - ANSWER-Data sources being opened and read applies to which phase?
Can be accessed by Apps > Search & Reporting.
Provides the default interface for searching and analyzing logs.
Enables the user to create knowledge objects, reports, alerts and dashboards. - ANSWER-Which of the following statements are correct about the Search & Reporting App?
Both one-time and continuous monitoring - ANSWER-The Monitor option in Add Data provides
True - ANSWER-License Meter runs before data compression
Splunk User Behavior Analytics (UBA)
Splunk IT Service Intelligence (ITSI)
Splunk Enterprise Security (ES) - ANSWER-Which of the following are Splunk premium enhanced solutions?
True - ANSWER-Fields are searchable name and value pairings that differentiate one event from another.
True - ANSWER-Prefix wildcards might cause performance issues.
All firewall, web server, database, router and switch logs - ANSWER-What kind of logs can Splunk index?
True - ANSWER-We should use a heavy forwarder for sending event-based data to indexers.
True - ANSWER-Splunk Enterprise is used as a Scalable service in Splunk Cloud.
Search Head - ANSWER-Which component of Splunk lets us write an SPL query to find the required data?
Indexer - ANSWER-Which component of Splunk is primarily responsible for saving data?
Designed to cater to numerous use cases and empower Splunk
Allows multiple workspaces for different use cases/user roles
It is a collection of different Splunk config files like data inputs, UI and Knowledge Objects. - ANSWER-Splunk apps are used for the following
status_code>403 status_code<405 - ANSWER-Which search string matches only events with the status_code of 404?
Indexer - ANSWER-Transforms raw data into events and distributes the results into an index.