SPLK-1002試験問題集を使って一日でSplunk Core Certified Power User試験合格目指す(最新の224解答)
SPLK-1002試験正確な問題集、学習ノートと理論
Splunk SPLK-1002 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
Splunk SPLK-1002認定試験は、データ分析とトラブルシューティングのためにSplunkソフトウェアを使用する専門知識を実証したい人にとって貴重な資格です。これは、候補者の複雑なタスクを実行し、展開を最適化する能力をテストする厳格な試験であり、IT業界の専門家にとって貴重な資産となっています。
質問 # 110
Which of the following are not true about lookups? (Select all that apply.)
- A. Lookup have a 10mg maximum size limit
- B. Search results can be used to populate a lookup table
- C. Splunk DB Connect can be used to populate a lookup table from relational databases
- D. Output from a script can be used to populate a lookup table
- E. Lookups can be time based
正解:A
質問 # 111
A macro has another macro nested within it, and this inner macro requires an argument. How can the user pass this argument into the SPL?
- A. There is no way to pass an argument to the inner macro.
- B. An argument can be passed to the inner macro by nesting parentheses.
- C. An argument can be passed through the outer macro.
- D. An argument can be passed to the outer macro by nesting parentheses.
正解:B
解説:
Explanation
The correct answer is D. An argument can be passed to the inner macro by nesting parentheses.
A search macro is a way to reuse a piece of SPL code in different searches. A search macro can take arguments, which are variables that can be replaced by different values when the macro is called. A search macro can also contain another search macro within it, which is called a nested macro. A nested macro can also take arguments, which can be passed from the outer macro or directly from the search string.
To pass an argument to the inner macro, you need to use parentheses to enclose the argument value and separate it from the outer macro argument. For example, if you have a search macro named outer_macro (1) that contains another search macro named inner_macro (2), and both macros take one argument each, you can pass an argument to the inner macro by using the following syntax:
outer_macro (argument1, inner_macro (argument2))
This will replace the argument1 and argument2 with the values you provide in the search string. For example, if you want to pass "foo" as the argument1 and "bar" as the argument2, you can write:
outer_macro ("foo", inner_macro ("bar"))
This will expand the macros with the corresponding arguments and run the SPL code contained in them.
References:
Search macro examples
Use search macros in searches
質問 # 112
To identify all of the contributing events within a transaction that contain at least one REJECTevent, which syntax is correct?
- A. index=main | transaction sessionid | where transaction="REJECT*"
- B. index=main | transaction sessionid | where transaction=reject
- C. index=main | transaction sessionid | search REJECT
- D. index=main REJECT | transaction sessionid
正解:C
質問 # 113
After manually editing a regular expression (regex), which of the following statements is true?
- A. The Field Extractor (FX) UI keeps its own version of the field extraction in addition to the one that was manually edited.
- B. Changes made manually can be reverted in the Field Extractor (FX) UI.
- C. It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.
- D. It is not possible to manually edit a regular expression (regex) that was created using the Field Extractor (FX) UI.
正解:A
解説:
Explanation
質問 # 114
Which of the following statements describes POST workflow actions?
- A. POST workflow actions cannot use field values in their URI.
- B. POST workflow actions can open a web page in either the same window or a new .
- C. POST workflow actions are always encrypted.
- D. POST workflow actions cannot be created on custom sourcetypes.
正解:B
解説:
A workflow action is a link that appears when you click an event field value in your search results1. A workflow action can open a web page or run another search based on the field value1. There are two types of workflow actions: GET and POST1. A GET workflow action appends the field value to the end of a URI and opens it in a web browser1. A POST workflow action sends the field value as part of an HTTP request to a web server1. You can configure a workflow action to open a web page in either the same window or a new window1. Therefore, option D is correct, while options A, B and C are incorrect.
質問 # 115
Which knowledge object is used to normalize field names to comply with the Splunk Common Information Model (CIM)?
- A. Tags
- B. Event types
- C. Field alias
- D. Search workflow action
正解:C
解説:
The correct answer is
A) Field alias123.
In Splunk, a field alias is a knowledge object that you can use to assign an alternate name to a field3. This can be particularly useful when you want to normalize your data to comply with the Splunk Common Information Model (CIM)12.
The CIM provides a methodology for normalizing values to a common field name1. It acts as a search-time schema to define relationships in the event data while leaving the raw machine data intact2. By using field aliases, you can map vendor fields to common fields that are the same for each data source in a given domain4. This allows you to correlate events from different source types by normalizing these different occurrences to a common structure and naming convention1.
質問 # 116
Which search would limit an "alert" tag to the "host" field?
- A. host::tag::alert
- B. tag=alert
- C. tag==alert
- D. tag::host=alert
正解:D
解説:
Explanation
The search below would limit an "alert" tag to the "host" field.
tag::host=alert
The search does the following:
It uses tag syntax to filter events by tags. Tags are custom labels that can be applied to fields or field values to provide additional context or meaning for your data.
It specifies tag::host=alert as the tag filter. This means that it will only return events that have an "alert" tag applied to their host field or host field value.
It uses an equal sign (=) to indicate an exact match between the tag and the field or field value.
質問 # 117
Which of the following searches would return a report of sales by product-name?
- A. stats sum(price) as sales over product_name
- B. chart sum(price) as sales by product_name
- C. chart sales by product_name
- D. timechart list(sales), values(product_name)
正解:A
質問 # 118
What is the correct syntax to search for a tag associated with a value on a specific fields?
- A. Tag::<filed>=<tagname>
- B. Tag=<filed>::<tagname>
- C. Tag<filed(tagname.)
- D. Tag-<field?
正解:A
解説:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/TagandaliasfieldvaluesinSplunkWeb
質問 # 119
Which workflow uses field values to perform a secondary search?
- A. Sub-Search
- B. POST
- C. Search
- D. Action
正解:C
解説:
https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/CreateworkflowactionsinSplunkWeb
質問 # 120
Which type of visualization shows relationships between discrete values in three dimensions?
- A. Bubble chart
- B. Line chart
- C. Pie chart
- D. Scatter chart
正解:A
解説:
https://docs.splunk.com/Documentation/DashApp/0.9.0/DashApp/chartsBub
質問 # 121
Which group of users would most likely use pivots?
- A. Architects
- B. Knowledge Managers
- C. Users
- D. Administrators
正解:C
解説:
Reference:https://docs.splunk.com/Documentation/Splunk/8.0.3/Pivot/IntroductiontoPivot
質問 # 122
Splunk Components:
Which of the following are responsible for parsing incoming data and storing data on disc?
- A. forwarders
- B. indexers
- C. search heads
正解:B
質問 # 123
Which of the following statements describes the command below (select all that apply) sourcetype-access_combined | transaction JSESSIONID
- A. An additional filed named maxspan is created.
- B. An additional field named eventcount is created.
- C. Events with the same JSESSIONID will be grouped together into a single event.
- D. An additional Held named duration is created.
正解:B、C、D
質問 # 124
Which of the following statements describe data model acceleration? (select all that apply)
- A. Accelerated data models cannot be edited.
- B. You must have administrative permissions or the accelerate_dacamodel capability to accelerate a data model.
- C. Private data models cannot be accelerated.
- D. Root events cannot be accelerated.
正解:A、B、C
解説:
Explanation
Data model acceleration is a feature that speeds up searches on data models by creating and storing summaries of the data model datasets1. To enable data model acceleration, you must have administrative permissions or the accelerate_datamodel capability1. Therefore, option D is correct. Accelerated data models cannot be edited unless you disable the acceleration first1. Therefore, option B is correct. Private data models cannot be accelerated because they are not visible to other users1. Therefore, option C is correct. Root events can be accelerated as long as they are not based on a search string1. Therefore, option A is incorrect.
質問 # 125
Pivot editor enables users to quickly reports but they must use the pivot command.'
- A. False
- B. True
正解:A
質問 # 126
When using | timechart by host, which field is represented in the x-axis?
- A. host
- B. date
- C. time
- D. _time
正解:D
質問 # 127
New pivots automatically populate with __________ (Select all that apply).
- A. Time range filter
- B. Split columns
- C. Count of hosts
- D. Split rows
正解:A
質問 # 128
When you mouse over and click to add a search term this (thesE. Boolean operator(s) is(arE. not implied. (Select all that apply).
- A. ( )
- B. OR
- C. AND
- D. NOT
正解:A、B、D
解説:
When you mouse over and click to add a search term from the Fields sidebar or from an event in your search results, Splunk automatically adds the term to your search string with an implied AND operator2. However, this does not apply to some Boolean operators such as OR, NOT and parentheses (). These operators are not implied when you add a search term and you have to type them manually if you want to use them in your search string2. Therefore, options A, B and D are correct, while option C is incorrect because AND is implied when you add a search term.
質問 # 129
Calculated fields can be based on which of the following?
- A. Tags
- B. Extracted fields
- C. Output fields for a lookup
- D. Fields generated from a search string
正解:B
解説:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields A calculated field is a field that you create based on the value of another field or fields1. You can use calculated fields to enrich your data with additional information or to transform your data into a more useful format1. Calculated fields can be based on extracted fields, which are fields that are extracted from your raw data using various methods such as regular expressions, delimiters, or key-value pairs1. Therefore, option B is correct, while options A, C and D are incorrect because tags, output fields for a lookup, and fields generated from a search string are not types of extracted fields.
質問 # 130
Which of the following about reports is/are true?
- A. Reports can run a script.
- B. Reports are knowledge objects.
- C. Reports can be scheduled.
- D. All of the above.
正解:D
質問 # 131
Fast, optimized and verbose are all selectable search modes.
- A. False
- B. True
正解:A
質問 # 132
......
SPLK-1002試験は、90分以内に完了する必要がある60の複数選択質問で構成されています。この試験では、Splunkでの検索やレポート、ダッシュボードと視覚化の作成、フィールドとタグの操作、マクロと高度な検索コマンドの使用などのトピックについて説明します。この試験では、Splunkの一般的な問題やエラーをトラブルシューティングする候補者の能力もテストします。
SPLK-1002問題集PDFで最速合格希望SPLK-1002:https://www.jpntest.com/shiken/SPLK-1002-mondaishu