2022年更新のSplunk Core Certified Power Userが有効なSPLK-1002問題集を無料提供しています
最新のJPNTest SPLK-1002のPDF問題集をダウンロードしちゃおう:https://www.jpntest.com/shiken/SPLK-1002-mondaishu(179問題と解答)
質問 78
Only Splunk Administrators can assign selected fields.
- A. True
- B. False
正解: B
質問 79
Which of the following Statements about macros is true? (select all that apply)
- A. Arguments are defined when the macro is created.
- B. Argument values are used to resolve the search string when the macro is created.
- C. Argument values are used to resolve the search string at execution time.
- D. Arguments are defined at execution time.
正解: C,D
質問 80
Calculated fields can be based on which of the following?
- A. Tags
- B. Extracted fields
- C. Fields generated from a search string
- D. Output fields for a lookup
正解: B
質問 81
Data model are composed of one or more of which of the fo-owing datasets? (select all that apply.)
- A. Search datasets
- B. Transaction datasets
- C. Any child of event, transaction, and search datasets
- D. Events datasets
正解: A,B,D
解説:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels
質問 82
What information must be included when using the datamodelcommand?
- A. Data model dataset name.
- B. statusfield
- C. Data model field name.
- D. Multiple indexes
正解: C
解説:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.1.1/SearchReference/Datamodel
質問 83
What do events in a transaction have in common?
- A. All events in a transaction must be related by one or more fields.
- B. All events in a transaction must have the same timestamp.
- C. All events in a transaction must have the same sourcetype.
- D. All events in a transaction must have the exact same set of fields.
正解: C
解説:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Abouttransactions
質問 84
In most large Splunk environments, what is the most efficient command that can be used to group events by fields/
- A. join
- B. transaction
- C. streamstats
- D. stats
正解: D
解説:
https://docs.splunk.com/Documentation/Splunk/8.0.2/Search/Abouttransactions In other cases, it's usually better to use the stats command, which performs more efficiently, especially in a distributed environment. Often there is a unique ID in the events and stats can be used.
質問 85
Which delimiters can the Field Extractor (FX) detect? (select all that apply)
- A. Spaces
- B. Pipes
- C. Tabs
- D. Commas
正解: A,B,D
解説:
Reference:https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep
質問 86
This role is required to install the CIM Add-on.
Select your answer.
- A. ADMIN
- B. USER
- C. POWER
正解: A
質問 87
Search terms are not case sensitive.
- A. False
- B. True
正解: B
質問 88
When should transaction be used?
- A. Only in a large distributed Splunk environment.
- B. When event grouping is based on start/end values.
- C. When calculating results from one or more fields.
- D. When grouping events results in over 1000 events in each group.
正解: C
解説:
Reference:https://docs.splunk.com/Documentation/Splunk/8.0.3/Search/Abouttransactions
質問 89
Which of the following statements describe calculated fields? (Choose all that apply.)
- A. Calculated fields can be used in the search bar.
- B. Calculated fields can only be applied to host and sourcetype.
- C. Calculated fields are shortcuts for performing calculations using the evalcommand.
- D. Calculated fields can be based on an extracted field.
正解: C,D
解説:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields
質問 90
Which workflow action method can be used the action type is set to link?
- A. GET
- B. PUT
- C. Search
- D. UPDATE
正解: A
解説:
Explanation
https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/SetupaGETworkflowaction Define a GET workflow action Steps
* Navigate to Settings > Fields
* Click New to open up a new workflow action form.
* Define a Label for the action.
The Label field enables you to define the text that is displayed in either the field or event workflow menu.
Labels can be static or include the value of relevant fields.
* Determine whether the workflow action applies to specific fields or event types in your data.
Use Apply only to the following fields to identify one or more fields. When you identify fields, the workflow action only appears for events that have those fields, either in their event menu or field menus. If you leave it blank or enter an asterisk the action appears in menus for all fields.
Use Apply only to the following event types to identify one or more event types. If you identify an event type, the workflow action only appears in the event menus for events that belong to the event type.
* For Show action in determine whether you want the action to appear in the Event menu, the Fields menus, or Both.
* Set Action type to link.
* In URI provide a URI for the location of the external resource that you want to send your field values to.
Similar to the Label setting, when you declare the value of a field, you use the name of the field enclosed by dollar signs.
Variables passed in GET actions via URIs are automatically URL encoded during transmission. This means you can include values that have spaces between words or punctuation characters.
* Under Open link in, determine whether the workflow action displays in the current window or if it opens the link in a new window.
* Set the Link method to get
* Click Save to save your workflow action definition.
質問 91
These allow you to categorize events based on search terms.
Select your answer.
- A. Macros
- B. Groups
- C. Tags
- D. Event Types
正解: D
質問 92
A user wants to convert numeric field values to strings and also to sort on those values.
Which command should be used first, theevalor thesort?
- A. It doesn't matter whether eval or sort is used first.
- B. You cannot use the sort command and the eval command on the same field.
- C. Convert the numeric to a string with eval first, then sort.
- D. Use sort first, then convert the numeric to a string with eval.
正解: D
質問 93
Using the export function, you can export search results as __________.( Select all that apply)
- A. Xml
- B. A php file
- C. Json
- D. Html
正解: A,C
質問 94
Calculated fields can be based on which of the following?
- A. Tags
- B. Extracted fields
- C. Fields generated from a search string
- D. Output fields for a lookup
正解: B
解説:
Explanation
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields
質問 95
What do events in a transaction have In common?
- A. All events in a transaction must be related by one or more fields.
- B. All events in a transaction must have the same sourcetype.
- C. All events In a transaction must have the same timestamp.
- D. All events in a transaction must have the exact same set of fields.
正解: B
解説:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Abouttransactions
質問 96
......
実験された試験材料はSPLK-1002:https://www.jpntest.com/shiken/SPLK-1002-mondaishu