Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

SPLK-2001 by Splunk - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Which of the following is true of a namespace?

A The namespace is a type of token filter.
B The namespace includes an app attribute which cannot be a wildcard.
C The namespace filters the knowledge objects returned by the REST API.
D The namespace does not filter knowledge objects returned by the REST API.

Question 4

What must be done when calling the serviceNS endpoint?

A Authenticate with an admin user.
B Specify the user and app context in the URI.
C Authenticate with the user of the required context.
D Pass the user and app context in the request payload.

Question 5

Assuming permissions are set appropriately, which REST endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role?

A /servicesNS/-/data/saved/searches/mySearch
B /servicesNS/object/saved/searches/mySearch
C /servicesNS/search/saved/searches/mySearch
D /servicesNS/-/search/saved/searches/mySearch

Question 6

Using Splunk Web to modify config settings for a shared object, a revised config file with those changes is placed in which directory?

A $SPLUNK_HOME/etc/apps/myApp/local
B $SPLUNK_HOME/etc/system/default/
C $SPLUNK_HOME/etc/system/local
D $SPLUNK_HOME/etc/apps/myApp/default

Question 7

What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)

A Review the OWASP Top Ten List.
B Store passwords in clear text in .conf files.
C Review the OWASP Secure Coding Practices Quick Reference Guide.
D Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.

Question 8

There is a global search named global_search defined on a form as shown below:
<search id=global_search>
<query>
index-_internal source-*splunkd.log | stats count by component, log_level
</query>
</search>
Which of the following would be a valid post-processing search? (Select all that apply.)

A | tstats count
B sourcetype=mysourcetype
C stats sum(count) AS count by log level
D search log_level=error | stats sum(count) AS count by component

Question 9

In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)

A Cannot use event sampling.
B Use a transforming command.
C Use a standard Splunk visualization.
D Commands before the first transforming command must be streamable.

Question 10

Which statements are true regarding HEC (HTTP Event Collector) tokens? (Select all that apply.)

A Multiple tokens can be created for use with different sourcetypes and indexes.
B The edit token http admin role capability is required to create a token.
C To create a token, send a POST request to services/collector endpoint.
D Tokens can be edited using the data/inputs/http/{tokenName} endpoint.

Question 11

Which type of command is tstats?

A Generating
B Transforming
C Centralized streaming
D Distributable streaming

Question 12

When updating a knowledge object via REST, which of the following are valid values for the sharing Access Control List property?

A App
B User
C Global
D Nobody

Question 13

Which of the following is an example of a Splunk KV store use case? (Select all that apply.)

A Stores checkpoint data for modular inputs.
B Tracks workflow in an incident-review system.
C Indexes metrics data from remote HTTP sources.
D Stores application state as a user interacts with an app.

Question 14

How can hiding or showing a panel by clicking on a chart or a table on the same form be performed?

A By using vent drilldown.
B By using workflow action.
C By using contextual drilldown.
D By using visualization drilldown.

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 3 • Questions 1-25 of 70

1 2 3

→

Know a question that should be here? Contribute to this exam

Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
<search>
<query>index news sourcetype web_proxy | table sourcetype title link
</query>
</search>
Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?

A <option name ג€link.openSearch.viewTarget">$row.link$</option>
B <drilldown> <link target=ג€ blank">$$row.link$$</link> </drilldown>
C <drilldown> <link target="_blank">$row.link|n$</link> </drilldown>
D <drilldown> <link target ג€_blank">http://localhost:8000/debug/refresh</link> </drilldown>

Which of the following options would be the best way to identify processor bottlenecks of a search?

A Using the REST API.
B Using the search job inspector.
C Using the Splunk Monitoring Console.
D Searching the Splunk logs using index=ג€ internalג€.