Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

SPLK-2001Free trial

By splunk

Verified

25Q per page

Question 1

Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
<search>
<query>index news sourcetype web_proxy | table sourcetype title link
</query>
</search>
Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?

A: <option name ג€link.openSearch.viewTarget">$row.link$</option>
B: <drilldown> <link target=ג€ blank">$$row.link$$</link> </drilldown>
C: <drilldown> <link target="_blank">$row.link|n$</link> </drilldown>
D: <drilldown> <link target ג€_blank">http://localhost:8000/debug/refresh</link> </drilldown>

—

Question 2

Which of the following options would be the best way to identify processor bottlenecks of a search?

A: Using the REST API.
B: Using the search job inspector.
C: Using the Splunk Monitoring Console.
D: Searching the Splunk logs using index=ג€ internalג€.

—

Question 3

Which of the following is true of a namespace?

A: The namespace is a type of token filter.
B: The namespace includes an app attribute which cannot be a wildcard.
C: The namespace filters the knowledge objects returned by the REST API.
D: The namespace does not filter knowledge objects returned by the REST API.

—

Question 4

What must be done when calling the serviceNS endpoint?

A: Authenticate with an admin user.
B: Specify the user and app context in the URI.
C: Authenticate with the user of the required context.
D: Pass the user and app context in the request payload.

—

Question 5

Assuming permissions are set appropriately, which REST endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role?

A: /servicesNS/-/data/saved/searches/mySearch
B: /servicesNS/object/saved/searches/mySearch
C: /servicesNS/search/saved/searches/mySearch
D: /servicesNS/-/search/saved/searches/mySearch

—

Question 6

Using Splunk Web to modify config settings for a shared object, a revised config file with those changes is placed in which directory?

A: $SPLUNK_HOME/etc/apps/myApp/local
B: $SPLUNK_HOME/etc/system/default/
C: $SPLUNK_HOME/etc/system/local
D: $SPLUNK_HOME/etc/apps/myApp/default

—

Question 7

What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)

A: Review the OWASP Top Ten List.
B: Store passwords in clear text in .conf files.
C: Review the OWASP Secure Coding Practices Quick Reference Guide.
D: Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.

—

Question 8

There is a global search named global_search defined on a form as shown below:
<search id=global_search>
<query>
index-_internal source-*splunkd.log | stats count by component, log_level
</query>
</search>
Which of the following would be a valid post-processing search? (Select all that apply.)

A: | tstats count
B: sourcetype=mysourcetype
C: stats sum(count) AS count by log level
D: search log_level=error | stats sum(count) AS count by component

—

Question 9

In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)

A: Cannot use event sampling.
B: Use a transforming command.
C: Use a standard Splunk visualization.
D: Commands before the first transforming command must be streamable.

—

Question 10

Which statements are true regarding HEC (HTTP Event Collector) tokens? (Select all that apply.)

A: Multiple tokens can be created for use with different sourcetypes and indexes.
B: The edit token http admin role capability is required to create a token.
C: To create a token, send a POST request to services/collector endpoint.
D: Tokens can be edited using the data/inputs/http/{tokenName} endpoint.

—

Question 11

Which type of command is tstats?

A: Generating
B: Transforming
C: Centralized streaming
D: Distributable streaming

—

Question 12

When updating a knowledge object via REST, which of the following are valid values for the sharing Access Control List property?

A: App
B: User
C: Global
D: Nobody

—

Question 13

Which of the following is an example of a Splunk KV store use case? (Select all that apply.)

A: Stores checkpoint data for modular inputs.
B: Tracks workflow in an incident-review system.
C: Indexes metrics data from remote HTTP sources.
D: Stores application state as a user interacts with an app.

—

Question 14

How can hiding or showing a panel by clicking on a chart or a table on the same form be performed?

A: By using vent drilldown.
B: By using workflow action.
C: By using contextual drilldown.
D: By using visualization drilldown.

—

That’s the end of your free questions

You’ve reached the preview limit for SPLK-2001

Consider upgrading to gain full access!

Page 1 of 3 • Questions 1-25 of 70

1 2 3

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!