Question 1

Place content to set on page load inside which of the following Simple XML tags?

Accepted Answer

A) B) C) D) A) B) C) D) C

Question 2

Which of the following is an example of a Splunk KV store use case? (Select all that apply.)

Accepted Answer

A)  Stores checkpoint data for modular inputs. 
B)  Tracks workflow in an incident-review system. 
C)  Indexes metrics data from remote HTTP sources. 
D)  Stores application state as a user interacts with an app. 
A)  Stores checkpoint data for modular inputs. 
B)  Tracks workflow in an incident-review system. 
C)  Indexes metrics data from remote HTTP sources. 
D)  Stores application state as a user interacts with an app. A,B

Question 3

Suppose the following query in a Simple XML dashboard returns a table including hyperlinks: index news sourcetype web_proxy | table sourcetype title link Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?

Accepted Answer

A) B) $$row.link$$ C) $row.link|n$ D) http://localhost:8000/debug/refresh A) B) $$row.link$$ C) $row.link|n$ D) http://localhost:8000/debug/refresh A

Question 4

Which of the following are valid parent elements for the event action shown below? (Select all that apply.) sourcetype=$click.value|s$

Accepted Answer

A) B) C) D) A) B) C) D)

Question 5

How can event logs be collected from a remote Windows machine using a standard Splunk installation and no customization? (Select all that apply.)

Accepted Answer

A)  By configuring a WMI input. 
B)  By using HTTP event collector. 
C)  By using a Windows heavy forwarder. 
D)  By using a Windows universal forwarder. 
A)  By configuring a WMI input. 
B)  By using HTTP event collector. 
C)  By using a Windows heavy forwarder. 
D)  By using a Windows universal forwarder.

Question 6

Which Splunk REST endpoint is used to create a KV store collection?

Accepted Answer

A)  /storage/collections 
B)  /storage/kvstore/create 
C)  /storage/collections/config 
D)  /storage/kvstore/collections 
A)  /storage/collections 
B)  /storage/kvstore/create 
C)  /storage/collections/config 
D)  /storage/kvstore/collections

Question 7

There is a global search named "global_search" defined on a form as shown below: index-_internal source-*splunkd.log | stats count by component, log_level Which of the following would be a valid post-processing search? (Select all that apply.)

Accepted Answer

A)  | tstats count 
B)  sourcetype=mysourcetype 
C)  stats sum(count) AS count by log level 
D)  search log_level=error | stats sum(count) AS count by component 
A)  | tstats count 
B)  sourcetype=mysourcetype 
C)  stats sum(count) AS count by log level 
D)  search log_level=error | stats sum(count) AS count by component

Question 8

Using Splunk Web to modify config settings for a shared object, a revised file with those changes is placed in which directory?

Accepted Answer

A)  $SPLUNK_HOME/etc/apps/myApp/local 
B)  $SPLUNK_HOME/etc/system/default/ 
C)  $SPLUNK_HOME/etc/system/local 
D)  $SPLUNK_HOME/etc/apps/myApp/default 
A)  $SPLUNK_HOME/etc/apps/myApp/local 
B)  $SPLUNK_HOME/etc/system/default/ 
C)  $SPLUNK_HOME/etc/system/local 
D)  $SPLUNK_HOME/etc/apps/myApp/default

Question 9

What predefined drilldown tokens are available specifically for trellis layouts? (Select all that apply.)

Accepted Answer

A)  trellis.Xaxis 
B)  trellis.Yaxis 
C)  trellis.name 
D)  trellis.value 
A)  trellis.Xaxis 
B)  trellis.Yaxis 
C)  trellis.name 
D)  trellis.value

Question 10

Which of the following endpoints is used to authenticate with the Splunk REST API?

Accepted Answer

A)  /services/auth/login 
B)  /services/session/login 
C)  /services/auth/session/login 
D)  /servicesNS/authentication/login 
A)  /services/auth/login 
B)  /services/session/login 
C)  /services/auth/session/login 
D)  /servicesNS/authentication/login

Question 11

In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)

Accepted Answer

A)  Cannot use event sampling. 
B)  Use a transforming command. 
C)  Use a standard Splunk visualization. 
D)  Commands before the first transforming command must be streamable. 
A)  Cannot use event sampling. 
B)  Use a transforming command. 
C)  Use a standard Splunk visualization. 
D)  Commands before the first transforming command must be streamable.

Question 12

Which of the following are reserved field names in a KV Store? (Select all that apply.)

Accepted Answer

A)  _key 
B)  _time 
C)  _user 
D)  _source 
A)  _key 
B)  _time 
C)  _user 
D)  _source

Question 13

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)

Accepted Answer

A)  No need to do anything, it is turned on by default. 
B)  When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1. 
C)  When a new HEC token is created in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement". 
D)  When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement". 
A)  No need to do anything, it is turned on by default. 
B)  When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1. 
C)  When a new HEC token is created in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement". 
D)  When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement".

Question 14

In a DELETE request, what would omitting the value of _key from the REST endpoint do?

Accepted Answer

A)  Clean the KV store, deleting all content. 
B)  Produce the syntax error "Key value missing" . Produce the syntax error "Key value missing" . 
C)  Cause all records in a collection to be deleted. 
D)  Mean that the _key value must be passed as an argument. Mean that the value must be passed as an argument. 
A)  Clean the KV store, deleting all content. 
B)  Produce the syntax error "Key value missing" . Produce the syntax error "Key value missing" . 
C)  Cause all records in a collection to be deleted. 
D)  Mean that the _key value must be passed as an argument. Mean that the value must be passed as an argument.

Question 15

Which of the following are requirements for arguments sent to the data/indexes endpoint? (Select all that apply.)

Accepted Answer

A)  Be url-encoded. 
B)  Specify the datatype. 
C)  Include the bucket path. 
D)  Include the name argument. Include the name argument. 
A)  Be url-encoded. 
B)  Specify the datatype. 
C)  Include the bucket path. 
D)  Include the name argument. Include the name argument.

Question 16

Assuming permissions are set appropriately, which REST endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role?

Accepted Answer

A)  /servicesNS/-/data/saved/searches/mySearch 
B)  /servicesNS/object/saved/searches/mySearch 
C)  /servicesNS/search/saved/searches/mySearch 
D)  /servicesNS/-/search/saved/searches/mySearch 
A)  /servicesNS/-/data/saved/searches/mySearch 
B)  /servicesNS/object/saved/searches/mySearch 
C)  /servicesNS/search/saved/searches/mySearch 
D)  /servicesNS/-/search/saved/searches/mySearch

Question 17

Which of the following are ways to get a list of search jobs? (Select all that apply.)

Accepted Answer

A)  Access Activity > Jobs with Splunk Web. Access Activity > Jobs with Splunk Web. 
B)  Use Splunk REST to query the /services/search/jobs endpoint. Use Splunk REST to query the /services/search/jobs endpoint. 
C)  Use Splunk REST to query the /services/saved/searches endpoint. /services/saved/searches 
D)  Use Splunk REST to query the /services/search/sid/results endpoint. /services/search/sid/results 
A)  Access Activity > Jobs with Splunk Web. Access Activity > Jobs with Splunk Web. 
B)  Use Splunk REST to query the /services/search/jobs endpoint. Use Splunk REST to query the /services/search/jobs endpoint. 
C)  Use Splunk REST to query the /services/saved/searches endpoint. /services/saved/searches 
D)  Use Splunk REST to query the /services/search/sid/results endpoint. /services/search/sid/results

Question 18

A fellow Splunk administrator is reviewing an app that has been downloaded from splunkbase and deployed in an organization. The admin has e-mailed the following configuration snippet with a brief note that says "fix the permissions". In what configuration file should the snippet be placed? [] access = read : [ * ], write : [ admin ] export - system (Assume that $APP_HOME refers to the path that the app is installed, e.g. $SPLUNK_HOME/etc/apps/ <app name> )

Accepted Answer

A)  $APP_HOME/default/app.conf 
B)  $APP_HOME/local/default.meta 
C)  $APP_HOME/metadata/local.meta 
D)  $SPLUNK_HOME/etc/system/local/server.conf 
A)  $APP_HOME/default/app.conf 
B)  $APP_HOME/local/default.meta 
C)  $APP_HOME/metadata/local.meta 
D)  $SPLUNK_HOME/etc/system/local/server.conf

Question 19

Which of the following is true of a namespace?

Accepted Answer

A)  The namespace is a type of token filter. 
B)  The namespace includes an app attribute which cannot be a wildcard. 
C)  The namespace filters the knowledge objects returned by the REST API. 
D)  The namespace does not filter knowledge objects returned by the REST API. 
A)  The namespace is a type of token filter. 
B)  The namespace includes an app attribute which cannot be a wildcard. 
C)  The namespace filters the knowledge objects returned by the REST API. 
D)  The namespace does not filter knowledge objects returned by the REST API.

Question 20

The response message from a successful Splunk REST call includes an <entry> element. What is contained in an element?

Accepted Answer

A) A dictionary of elements. A dictionary of elements. B) Metadata encapsulating the element. Metadata encapsulating the element. C) A response code indicating success or failure. D) An individual element in an collection. An individual element in an collection. A) A dictionary of elements. A dictionary of elements. B) Metadata encapsulating the element. Metadata encapsulating the element. C) A response code indicating success or failure. D) An individual element in an collection. An individual element in an collection.

Place content to set on page load inside which of the following Simple XML tags?

Which of the following is an example of a Splunk KV store use case? (Select all that apply.)

Which of the following are valid parent elements for the event action shown below? (Select all that apply.) <set token=" Token Name ">sourcetype=$click.value|s$</set>

How can event logs be collected from a remote Windows machine using a standard Splunk installation and no customization? (Select all that apply.)

Which Splunk REST endpoint is used to create a KV store collection?

There is a global search named "global_search" defined on a form as shown below: <search id="global_search"> <query> index-_internal source-*splunkd.log | stats count by component, log_level </query> </search> Which of the following would be a valid post-processing search? (Select all that apply.)

Using Splunk Web to modify config settings for a shared object, a revised file with those changes is placed in which directory?

What predefined drilldown tokens are available specifically for trellis layouts? (Select all that apply.)

Which of the following endpoints is used to authenticate with the Splunk REST API?

In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)

Which of the following are reserved field names in a KV Store? (Select all that apply.)

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)

In a DELETE request, what would omitting the value of _key from the REST endpoint do?

Which of the following are requirements for arguments sent to the data/indexes endpoint? (Select all that apply.)

Assuming permissions are set appropriately, which REST endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role?

Which of the following are ways to get a list of search jobs? (Select all that apply.)

Which of the following is true of a namespace?

The response message from a successful Splunk REST call includes an <entry> element. What is contained in an element?

Splunk Core Certified User

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters

Exam 4: Splunk Enterprise Certified Architect

Place content to set on page load inside which of the following Simple XML tags?

Which of the following is an example of a Splunk KV store use case? (Select all that apply.)

Which of the following are valid parent elements for the event action shown below? (Select all that apply.) <set token=" Token Name ">sourcetype=$click.value|s$</set>

How can event logs be collected from a remote Windows machine using a standard Splunk installation and no customization? (Select all that apply.)

Which Splunk REST endpoint is used to create a KV store collection?

There is a global search named "global_search" defined on a form as shown below: <search id="global_search"> <query> index-_internal source-*splunkd.log | stats count by component, log_level </query> </search> Which of the following would be a valid post-processing search? (Select all that apply.)

Using Splunk Web to modify config settings for a shared object, a revised file with those changes is placed in which directory?

What predefined drilldown tokens are available specifically for trellis layouts? (Select all that apply.)

Which of the following endpoints is used to authenticate with the Splunk REST API?

In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)

Which of the following are reserved field names in a KV Store? (Select all that apply.)

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)

In a DELETE request, what would omitting the value of _key from the REST endpoint do?

Which of the following are requirements for arguments sent to the data/indexes endpoint? (Select all that apply.)

Assuming permissions are set appropriately, which REST endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role?

Which of the following are ways to get a list of search jobs? (Select all that apply.)

Which of the following is true of a namespace?

The response message from a successful Splunk REST call includes an <entry> element. What is contained in an element?

Splunk Core Certified User

Splunk Enterprise Certified Admin

Splunk Certified Developer

Splunk Enterprise Security Certified Admin

Splunk IT Service Intelligence Certified Admin

Splunk Core Certified Consultant

Filters