[April 2024 update] Splunk Core Certified Power User SPLK-1002 Japanese exam practice question set, free sample [Q33-Q54]



Latest 2024 SPLK-1002 Japanese premium study material: free sample of the test PDF question set

Question # 33
Which of the following is required information for creating a GET workflow action? (Select all that apply.)

  • A. The name of the URI the user is directed to at search time.
  • B. The label that appears in the Event Actions menu at search time.
  • C. The name of the workflow action.
  • D. The URI the user is directed to at search time.

Correct answer: B, C, D

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/SetupaGETworkflowaction


Question # 34
Which of the following describes this search?
New Search
third_party_outages(EMEA, -24h)

  • A. This search finds all events in the third_party_outages index that have the tags EMEA and -24h.
  • B. This search runs the saved search third_party_outages and filters events that contain "EMEA" and "-24h" in the raw event data.
  • C. This search runs the third_party_outages macro and passes the arguments EMEA and -24h to the macro definition.
  • D. This search finds all events of the third_party_outages event type that contain "EMEA" or "-24h" in the raw event data.

Correct answer: C

Explanation:
This search will run the third_party_outages macro and pass the arguments EMEA and -24h to the macro definition. A search macro is a reusable chunk of SPL that can be inserted into other searches. A search macro can take arguments that are used to resolve the search string at execution time. The syntax for using a search macro is macro_name(argument1, argument2, ...).
Reference:
See "Use search macros in searches" and "Search macro examples" in the Splunk Documentation.


Question # 35
Which of the following data models are included in the Splunk Common Information Model (CIM) add-on?
(Select all that apply.)

  • A. Databases
  • B. Email
  • C. Alerts
  • D. User permissions

Correct answer: B, C

Explanation:
The Splunk Common Information Model (CIM) Add-on includes a variety of data models designed to normalize data from different sources to allow for cross-source reporting and analysis. Among the data models included, Alerts (Option B) and Email (Option D) are part of the CIM. The Alerts data model is used for data related to alerts and incidents, while the Email data model is used for data pertaining to email messages and transactions. User permissions (Option A) and Databases (Option C) are not data models included in the CIM; rather, they pertain to aspects of data access control and specific types of data sources, respectively, which are outside the scope of the CIM's predefined data models.


Question # 36
When would a user select delimited field extraction in the Field Extractor (FX)?

  • A. When a log file has values separated by the same character, such as a comma.
  • B. When the file has a header that provides information about its structure or format.
  • C. When a log file contains empty lines or comments.
  • D. With structured files such as JSON or XML.

Correct answer: A

Explanation:
The correct answer is A. When a log file has values that are separated by the same character, for example, commas.
The Field Extractor (FX) is a utility in Splunk Web that allows you to create new fields from your events by using either regular expressions or delimiters. The FX provides a graphical interface that guides you through the steps of defining and testing your field extractions [1].
The FX supports two field extraction methods: regular expression and delimited. The regular expression method works best with unstructured event data, such as logs or messages, that do not have a consistent format or structure. You select a sample event and highlight one or more fields to extract from that event, and the FX generates a regular expression that matches similar events in your data set and extracts the fields from them [1].
The delimited method is designed for structured event data: data from files with headers, where all of the fields in the events are separated by a common delimiter, such as a comma, a tab, or a space. You select a sample event, identify the delimiter, and then rename the fields that the FX finds [1].
Therefore, you would select the delimited field extraction method when you have a log file that has values that are separated by the same character, for example, commas. This method allows you to extract the fields based on the delimiter without writing complex regular expressions.
The other options are not correct because they are not suitable for the delimited field extraction method. These options are:
B: When a log file contains empty lines or comments: This option does not indicate that the log file has a structured format or a common delimiter. The delimited method might not work well with this type of data, as it might miss some fields or include some unwanted values.
C: With structured files such as JSON or XML: This option does not require the delimited method, as Splunk can automatically extract fields from JSON or XML files by using indexed extractions or search-time extractions [2]. The delimited method might not work well with this type of data, as it might not recognize the nested structure or the special characters.
D: When the file has a header that might provide information about its structure or format: This option does not indicate that the file has a common delimiter between the fields. The delimited method might not work well with this type of data, as it might not be able to identify the fields based on the header information.
References:
[1] Build field extractions with the field extractor
[2] Configure indexed field extraction


Question # 37
For choropleth maps, Splunk ships with the following KMZ files (select all that apply):

  • A. Countries of the European Union
  • B. Countries of the world
  • C. States of the United States
  • D. States and provinces of the United States and Canada

Correct answer: B, C


Question # 38
Which of the following is true about the Splunk Common Information Model (CIM)?

  • A. The data models included in the CIM are configured with data model acceleration turned on.
  • B. The CIM is an app that must run on the indexers.
  • C. The CIM includes 28 pre-configured datasets.
  • D. The data models included in the CIM are configured with data model acceleration turned off.

Correct answer: A

Explanation:
The Splunk Common Information Model (CIM) is an app that contains a set of predefined data models that apply a common structure and naming convention to data from any source. The CIM enables you to use data from different sources in a consistent and coherent way. The CIM contains 28 pre-configured datasets that cover various domains such as authentication, network traffic, web, email, etc. The data models included in the CIM are configured with data model acceleration turned on by default, which means that they are optimized for faster searches and analysis. Data model acceleration creates and maintains summary data for the data models, which reduces the amount of raw data that needs to be scanned when you run a search using a data model.
References: Splunk Core Certified Power User Track, page 10; Splunk Documentation, About the Splunk Common Information Model.


Question # 39
Which of the following eval command functions is valid?

  • A. Int()
  • B. Tostring()
  • C. count()
  • D. print()

Correct answer: B


Question # 40
The time range specified for a historical search defines ____________. ------ the answer is doubtful

  • A. The time range of static results
  • B. The amount of data shown as a data stream on the timeline
  • C. The amount of data fetched from the index that matches that time range

Correct answer: C

Explanation:
The time range specified for a historical search defines the amount of data fetched from the index matching that time range. A historical search is a search that runs over a fixed period of time in the past. When you run a historical search, Splunk searches the index for events that match your search string and fall within the specified time range. Therefore, option B is correct, while options A and C are incorrect because they are not what the time range defines for a historical search.


Question # 41
Which of the following objects can be used as a source in a calculated field?

  • A. A tag field.
  • B. A field added by an automatic lookup.
  • C. An event type field.
  • D. A field alias.

Correct answer: B

Explanation:
The correct answer is B. A field added by an automatic lookup.
A calculated field is a field that is added to events at search time by using an eval expression. A calculated field can use the values of two or more fields that are already present in the events to perform calculations. A calculated field can use any field as a source, as long as the field is extracted before the calculated field is defined [1].
An automatic lookup is a way to enrich events with additional fields from an external source, such as a CSV file or a database. An automatic lookup can add fields to events based on the values of existing fields, such as host, source, sourcetype, or any other extracted field [2]. An automatic lookup is performed before the calculated fields are defined, so the fields added by the lookup can be used as sources for the calculated fields [3].
Therefore, a calculated field can use a field added by an automatic lookup as a source.
References:
[1] About calculated fields
[2] About lookups
[3] Search time processing


Question # 42
In the following eval statement, what is the value of description when status is 503?
index = main | eval description = case(status == 200, "OK", status == 404, "Not found", status == 500, "Internal Server Error")

  • A. The description field contains no value.
  • B. The description field contains the value "Internal Server Error".
  • C. Splunk raises an error because the statement is incomplete.
  • D. The description field contains the value 0.

Correct answer: A

Explanation:
https://docs.splunk.com/Documentation/Splunk/8.1.1/SearchReference/ConditionalFunctions


Question # 43
Which function of the transaction command must be used to set the maximum total time between the earliest and latest events returned?

  • A. maxduration
  • B. maxspan
  • C. ends with
  • D. maxpause

Correct answer: B

Explanation:
The maxspan function of the transaction command allows you to set the maximum total time between the earliest and latest events returned. The maxspan function is an argument that can be used with the transaction command to specify the start and end constraints for the transactions. The maxspan function takes a time modifier as its value, such as 30s, 5m, 1h, etc. The maxspan function sets the maximum time span between the first and last events in a transaction. If the time span between the first and last events exceeds the maxspan value, the transaction will be split into multiple transactions.


Question # 44
Which of the following data models are included in the Splunk Common Information Model (CIM) add-on? (Select all that apply.)

  • A. Databases
  • B. Email
  • C. Alerts
  • D. User permissions

Correct answer: A, B, C

Explanation:
Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/Overview
The Splunk Common Information Model (CIM) add-on is a collection of pre-built data models and knowledge objects that help you normalize your data from different sources and make it easier to analyze and report on it. The CIM add-on includes several data models that cover various domains such as Alerts, Email, Database, Network Traffic, Web and more. Therefore, options A, B and C are correct because they are names of some of the data models included in the CIM add-on. Option D is incorrect because User permissions is not the name of a data model in the CIM add-on.


Question # 45
What does the following search do?

  • A. Creates a table of the total number of mystery corn dogs, split by user.
  • B. Creates a table of the count of every kind of corn dog eaten, split by user.
  • C. Creates a table of the total number of users, split by corn dog.
  • D. Creates a table that groups the total number of users by vegetarian corn dog.

Correct answer: A


Question # 46
The timechart command buckets data in time intervals depending on:

  • A. The selected time range
  • B. The selected visualization type
  • C. The number of events returned

Correct answer: A

Explanation:
The timechart command buckets data in time intervals depending on the selected time range. The timechart command is similar to the chart command, but it automatically groups events into time buckets based on the _time field. The size of the time buckets depends on the time range that you select for your search. For example, if you select Last 24 hours as your time range, Splunk will use 30-minute buckets for your timechart. If you select Last 7 days as your time range, Splunk will use 4-hour buckets for your timechart. Therefore, option B is correct, while options A and C are incorrect because they are not factors that affect the size of the time buckets.


Question # 47
Which of the following statements describes the search string below?
| datamodel Application_State All_Application_State search

  • A. Events are returned from the data model named Application_State.
  • B. No events are returned, because the pipe must come after the datamodel command.
  • C. Evenrches returns sales reports by state.
  • D. Events are returned from the data model named All_Application_state.

Correct answer: A

Explanation:
The search string below returns events from the data model named Application_State.
| datamodel Application_State All_Application_State search
The search string does the following:
It uses the datamodel command to access a data model in Splunk. The datamodel command takes two arguments: the name of the data model and the name of the dataset within the data model.
It specifies the name of the data model as Application_State. This is a predefined data model in Splunk that contains information about web applications.
It specifies the name of the dataset as All_Application_State. This is a root dataset in the data model that contains all events from all child datasets.
It uses the search command to filter and transform the events from the dataset. The search command can use any search criteria or command to modify the results.
Therefore, the search string returns events from the data model named Application_State.


Question # 48
Which workflow action type performs a secondary search?

  • A. GET
  • B. Drilldown
  • C. POST
  • D. Search

Correct answer: D

Explanation:
The correct answer is D. Search.
A workflow action is a knowledge object that enables a variety of interactions between fields in events and other web resources. Workflow actions can create HTML links, generate HTTP POST requests, or launch secondary searches based on field values [1].
There are three types of workflow actions that can be set up using Splunk Web: GET, POST, and Search [2].
GET workflow actions create typical HTML links to do things like perform Google searches on specific values or run domain name queries against external WHOIS databases [2].
POST workflow actions generate an HTTP POST request to a specified URI. This action type enables you to do things like creating entries in external issue management systems using a set of relevant field values [2].
Search workflow actions launch secondary searches that use specific field values from an event, such as a search that looks for the occurrence of specific combinations of ipaddress and http_status field values in your index over a specific time range [2].
Therefore, the workflow action type that performs a secondary search is Search.
References:
[1] Splexicon: Workflow action
[2] About workflow actions in Splunk Web


Question # 49
Which of the following search controls do not re-run the search? (Select all that apply.)

  • A. Zoom out
  • B. Deselect
  • C. Selecting a range of bars on the timeline
  • D. Selecting a bar on the timeline

Correct answer: B, C, D

Explanation:
The timeline is a graphical representation of your search results that shows the distribution of events over time. You can use the timeline to zoom in or out of a specific time range, or to select one or more bars on the timeline to filter your results by that time range. However, these actions will not re-run the search, but rather refine the existing results based on the selected time range. Therefore, options B, C and D are correct, while option A is incorrect because zooming out will re-run the search with a broader time range.


Question # 50
During the validation step of the Field Extractor workflow:
Select your answer.

  • A. You cannot change the field extraction
  • B. You can remove values that do not match the field you are defining
  • C. You can validate where the data originated

Correct answer: B

Explanation:
During the validation step of the Field Extractor workflow, you can remove values that aren't a match for the field you want to define. The validation step allows you to review and edit the values that have been extracted by the FX and make sure they are correct and consistent. You can remove values that aren't a match by clicking on them and selecting Remove Value from the menu. This will exclude them from your field extraction and update the regular expression accordingly. Therefore, option A is correct, while options B and C are incorrect because they are not actions that you can perform during the validation step of the Field Extractor workflow.


Question # 51
Which search string returns only results for the event type named success ful_purchases?

  • A. eventtype - success ful_purchases
  • B. Number of successful purchases
  • C. Event type:: successful purchases
  • D. tag=success ful_purchases

Correct answer: B

Explanation:
This is because event types are added to events as a field named eventtype, and you can use this field as a search term to find events that match a specific event type. For example, eventtype=successful_purchases returns all events that have been categorized as successful purchases by the event type definition. The other options are incorrect because they either use a different field name (tag), a different syntax (Event Type:: or event type-), or have a typo (success ful_purchases). You can learn more about how to use event types in searches from the Splunk documentation.


Question # 52
What is the correct syntax for searching for events associated with a tag?

  • A. tag:<field>=<value>
  • B. tag=<value>
  • C. tag=<value>
  • D. tag:<field>=<value>

Correct answer: C

Explanation:
The correct syntax to find events associated with a tag in Splunk is tag=<value>. So, the correct answer is D. tag=<value>. This syntax allows you to annotate specified fields in your search results with tags.
In Splunk, tags are a type of knowledge object that you can use to add meaningful aliases to field values in your data. For example, if you have a field called status_code in your data, you might have different status codes like 200, 404, 500, etc. You can create tags for these status codes like success for 200, not_found for 404, and server_error for 500. Then, you can use the tag command in your searches to find events associated with these tags.
Here is an example of how you can use the tag command in a search:
index=main sourcetype=access_combined | tag status_code
In this search, the tag command annotates the status_code field in the search results with the corresponding tags. If you have tagged the status code 200 with success, the status code 404 with not_found, and the status code 500 with server_error, the search results will include these tags.
You can also use the tag command with a specific tag value to find events associated with that tag. For example, the following search finds all events where the status code is tagged with success:
index=main sourcetype=access_combined | tag status_code | search tag::status_code=success
In this search, the tag command annotates the status_code field with the corresponding tags, and the search command filters the results to include only events where the status_code field is tagged with success.


Question # 53
Which of the following searches returns events that contain a tag name with privileged?

  • A. tag=private
  • B. tag=private*
  • C. tag= Pri *
  • D. tag=privileged

Correct answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity


Question # 54
......

Use our Splunk Core Certified Power User exam package now to prepare for and pass SPLK-1002 Japanese: https://www.jpntest.com/shiken/SPLK-1002J-mondaishu
