1. Which Field/Value pair will return only events found in the index named security?


2. Which statement describes field discovery at search time?


3. What are the three main Splunk components?


4. When is an alert triggered?


5. Which search will return the 15 least common field values for the dest_ip field?


6. What is the default lifetime of every Splunk search job?


7. In the Fields sidebar, what does the number directly to the right of the field name indicate?


8. How can results from a specified static lookup file be displayed?


9. When is the pipe character, |, used in search strings?


10. Which of the following is the best way to create a report that shows the last 24 hours of events?


11. What are the two most efficient search filters?


12. Which of the following is a metadata field assigned to every event in Splunk?


13. Assuming a user has the capability to edit reports, which of the following are editable?


14. What is a quick, comprehensive way to learn what data is present in a Splunk deployment?


15. When viewing results of a search job from the Activity menu, which of the following is displayed?


16. Which of the following is a correct way to limit search results to display the 5 most common values of a field?


17. Which of the following is the most efficient search?


18. Which command will rename action to Customer Action?


19. Which of the following is a Splunk internal field?


20. What is the correct way to use a time range specifier in the search bar so that the search looks back 2 hours?


