SPLK-1002 Free Practice Test

- (Exam Topic 2)
Which of the following are valid options to speed up reports? (Select all the apply.)

1. A. Edit permissions
2. B. Edit description
3. C. Edit acceleration
4. D. Edit schedule

Correct Answer: C

- (Exam Topic 1)
What are the two parts of a root event dataset?

1. A. Fields and variables.
2. B. Fields and attributes.
3. C. Constraints and fields.
4. D. Constraints and lookups.

Correct Answer: C

- (Exam Topic 2)
Which is not a comparison operator in Splunk

1. A. <=
2. B. =
3. C. !=
4. D. >
5. E. ?=

Correct Answer: E

- (Exam Topic 1)
Which of the following actions can the eval command perform?

1. A. Remove fields from results.
2. B. Create or replace an existing field.
3. C. Group transactions by one or more fields.
4. D. Save SPL commands to be reused in other searches.

Correct Answer: B

- (Exam Topic 1)
Which of the following statements describes POST workflow actions?

1. A. POST workflow actions are always encrypted.
2. B. POST workflow actions cannot use field values in their URI.
3. C. POST workflow actions cannot be created on custom sourcetypes.
4. D. POST workflow actions can open a web page in either the same window or a new .

Correct Answer: D