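[January 2023] SPLK-1001 Exam Study Guide: An Effective Way to Pass Reliably with the Splunk Exam Question Set
Study questions that make passing easier, with the SPLK-1001 question set and the Splunk Core Certified User training course!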
Question 11
A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?
- A. An enhanced solution
- B. JSON
- C. An app
- D. A role
Answer: C
Question 12
When looking at a statistics table, what is one way to drill down to see the underlying events?
- A. Viewing your report in a dashboard.
- B. Creating a pivot table.
- C. Clicking on the visualizations tab.
- D. Clicking on any field value in the table.
Answer: C
Question 13
Splunk Components:
Which of the following are responsible for reducing search results?
- A. forwarders
- B. search heads
- C. indexers
Answer: C
Question 14
It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.
- A. True
- B. False
Answer: B
Question 15
In the monitor option, you can select the following options in the GUI.
- A. Files & Directories, HTTP Event Collector (HEC), TCP/UDP and Scripts
- B. Only TCP/UDP
- C. Only Scripts
- D. None of the above
- E. Only HTTP Event Collector (HEC) and TCP/UDP
Answer: A
Question 16
What syntax is used to link key/value pairs in search strings?
- A. Quotation marks
- B. @ or # symbols
- C. Relational operators such as =, <, or >
- D. Parentheses
Answer: C
Question 17
You can also specify a time range in the search bar. You can use the following to set the beginning and end of a time range (Choose two.):
- A. Not possible to specify time manually in Search query
- B. latest=
- C. earliest=
- D. start=
- E. end=
Answer: B,C
Question 18
What must be done in order to use a lookup table in Splunk?
- A. The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion.
- B. The lookup file must be uploaded to Splunk and a lookup definition must be created.
- C. The contents of the lookup file must be copied and pasted into the search bar.
- D. The lookup must be configured to run automatically.
Answer: B
Question 19
Which of the following is the best way to create a report that shows the last 24 hours of events?
- A. Set a real-time search over a 24-hour window
- B. Use earliest=-1d@d latest=@d
- C. Use the time range picker to select "Last 24 hours"
- D. Use the time range picker to select "Yesterday"
Answer: C
Explanation:
Explanation/Reference: https://answers.splunk.com/answers/153100/how-to-get-the-event-count-for-the-last-24-hours-as-a-scheduled-report.html
Question 20
What can be configured using the Edit Job Settings menu?
- A. Add the Job results to a dashboard.
- B. Change Job Lifetime from 10 minutes to 7 days.
- C. Schedule the Job to re-run in 10 minutes.
- D. Export the result to CSV format.
Answer: B
Question 21
What user interface component allows for time selection?
- A. Data source time statistics
- B. Search time picker
- C. Time summary
- D. Time range picker
Answer: D
Question 22
Splunk indexes the data on the basis of timestamps.
- A. False
- B. True
Answer: B
Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.2.3/Data/Aboutdefaultfields
Question 23
Which of the following fields is stored with the events in the index?
- A. location
- B. source
- C. user
- D. sourcelp
Answer: B
Question 24
By default, how long does Splunk retain a search job?
- A. 10 Minutes
- B. 15 Minutes
- C. 7 Days
- D. 1 Day
Answer: A
Question 25
What is a quick, comprehensive way to learn what data is present in a Splunk deployment?
- A. Run ./splunk show
- B. Click Data Summary in Splunk Web
- C. Review Splunk reports
- D. Search index=* sourcetype=* host=*
Answer: B
Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/InheritedDeployment/Yourdata
Question 26
How does Splunk determine which fields to extract from data?
- A. Splunk only extracts the most interesting data from the last 24 hours.
- B. Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.
- C. Splunk automatically extracts any fields that generate interesting visualizations.
- D. Splunk only extracts fields users have manually specified in their data.
Answer: B
Question 27
When editing a dashboard, which of the following are possible options? (select all that apply)
- A. Modify the chart type displayed in a dashboard panel.
- B. Export a dashboard panel.
- C. Add an output.
- D. Drag a dashboard panel to a different location on the dashboard.
Answer: D
Question 28
Which component of Splunk lets us write SPL queries to find the required data?
- A. Indexer
- B. Search head
- C. Heavy Forwarders
- D. Forwarders
Answer: B
Question 29
At index time, in which field does Splunk store the timestamp value?
- A. timestamp
- B. _time
- C. time
- D. EventTime
Answer: B
Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Data/HowSplunkextractstimestamps
Question 30
Where does license metering happen?
- A. Heavy Forwarder
- B. Input
- C. Indexer
- D. Parsing
Answer: C
Question 31
Which of the following searches will return results where fail, 400, and error exist in every event?
- A. error OR (fail and 400)
- B. error OR fail OR 400
- C. error AND (fail AND 400)
- D. error AND (fail OR 400)
Answer: D
Question 32
Assuming a user has the capability to edit reports, which of the following are editable?
- A. The report's name, acceleration, permissions
- B. The report's name, schedule, permissions
- C. Acceleration, schedule, permissions
- D. The report's name, acceleration, schedule
Answer: B
Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Report/Createandeditreports
Question 33
......