[2023-07-30] Splunk practice test questions from the SPLK-1002 exam question bank [Q50-Q74]

Latest, realistic SPLK-1002 exam questions with answers

Question # 50
Creating Data Models:
Object ATTRIBUTES do not define ___________.

  • A. a base search for the object
  • B. fields for the object

Correct answer: A


Question # 51
Which of the following workflow actions can be executed from search results? (select all that apply)

  • A. Search
  • B. GET
  • C. POST
  • D. LOOKUP

Correct answer: A, B, C


Question # 52
Which search mode automatically decides how to return fields based on your search?

  • A. Smart mode
  • B. Verbose mode
  • C. Fast mode

Correct answer: A


Question # 53
To identify all of the contributing events within a transaction that contain at least one REJECT event, which syntax is correct?

  • A. index=main | transaction sessionid | where transaction="REJECT*"
  • B. index=main REJECT | transaction sessionid
  • C. index=main | transaction sessionid | where transaction=reject
  • D. index=main | transaction sessionid | search REJECT

Correct answer: D


Question # 54
These kinds of fields are identified in your data at INDEX time.

  • A. Data-specific fields
  • B. Default fields

Correct answer: B


Question # 55
Which of the following are valid options with the chart command? (select all that apply)

  • A. useother=f
  • B. split=t
  • C. transaction=t
  • D. usenull=f

Correct answer: A, D


Question # 56
Field discovery occurs at ___________ time.

  • A. search
  • B. index

Correct answer: A


Question # 57
In the following eval statement, what is the value of description if the status is 503?
index=main | eval description=case(status==200, "OK", status==404, "Not found", status==500, "Internal Server Error")

  • A. The description field would contain the value 0.
  • B. The description field would contain the value "Internal Server Error".
  • C. The description field would contain no value.
  • D. This statement would produce an error in Splunk because it is incomplete.

Correct answer: C

Explanation:
https://docs.splunk.com/Documentation/Splunk/8.1.1/SearchReference/ConditionalFunctions


Question # 58
Data model fields can be added using the Auto-Extracted method.
Which of the following statements describe Auto-Extracted fields? (Choose all that apply.)

  • A. Auto-Extracted fields can be given a friendly name for use in Pivot.
  • B. Auto-Extracted fields can be added if they already exist in the dataset with constraints.
  • C. Auto-Extracted fields can have their data type changed.
  • D. Auto-Extracted fields can be hidden in Pivot.

Correct answer: C


Question # 59
Consider the following search:
index=web sourcetype=access_combined
The log shows several events that share the same JSESSIONID value (SD404K289O2F151). View the events as a group. From the following list, which search groups events by JSESSIONID?

  • A. index=web sourcetype=access_combined | transaction JSESSIONID | search SD404K289O2F151
  • B. index=web sourcetype=access_combined JSESSIONID <SD404K289O2F151>
  • C. index=web sourcetype=access_combined | highlight JSESSIONID | search SD404K289O2F151
  • D. index=web sourcetype=access_combined SD404K289O2F151 | table JSESSIONID

Correct answer: B


Question # 60
Information needed to create a GET workflow action includes which of the following? (select all that apply.)

  • A. A URI where the user will be directed at search time.
  • B. A label that will appear in the Event Action menu at search time.
  • C. A name for the URI where the user will be directed at search time.
  • D. A name of the workflow action

Correct answer: A, B, D


Question # 61
There are several ways to access the field extractor.
Which option automatically identifies the data type, source type, and sample event?

  • A. Event Actions > Extract Fields
  • B. Fields sidebar > Extract New Fields
  • C. Settings > Field Extractions > New Field Extraction
  • D. Settings > Field Extractions > Open Field Extractor

Correct answer: C

Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.4/Knowledge/Managesearch-timefieldextractions


Question # 62
When using the transaction command, what does the argument maxspan do?

  • A. Sets the maximum length that any single event can reach to be included in the transaction.
  • B. Sets the maximum total time between the earliest and latest events in a transaction.
  • C. Sets the maximum length of all events within a transaction.
  • D. Sets the maximum total time between events in a transaction.

Correct answer: B

Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Transaction


Question # 63
Which of the following is a function of the Splunk Common Information Model (CIM)?

  • A. Normalizing data across a Splunk deployment.
  • B. Algorithmically shifting events to other indexes.
  • C. Reingesting previously indexed data with new field names.
  • D. Providing templates for reports and dashboards.

Correct answer: A


Question # 64
When multiple event types with different color values are assigned to the same event, what determines the color displayed for the event?

  • A. Rank
  • B. Priority
  • C. Weight
  • D. Precedence

Correct answer: B

Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Knowledge/Defineeventtypes


Question # 65
After manually editing a regular expression (regex), which of the following statements is true?

  • A. The Field Extractor (FX) UI keeps its own version of the field extraction in addition to the one that was manually edited.
  • B. Changes made manually can be reverted in the Field Extractor (FX) UI.
  • C. It is not possible to manually edit a regular expression (regex) that was created using the Field Extractor (FX) UI.
  • D. It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.

Correct answer: A


Question # 66
In which Settings section are macros defined?

  • A. Fields
  • B. Searches, Reports, Alerts
  • C. Advanced Search
  • D. Tokens

Correct answer: C


Question # 67
When should you use the transaction command instead of the stats command?

  • A. When you have over 1000 events in a transaction.
  • B. When you need to group on multiple values.
  • C. When you need to group based on start and end constraints.
  • D. When duration is irrelevant in search results.

Correct answer: B

Explanation:
Explanation/Reference: https://www.splunk.com/en_us/blog/tips-and-tricks/book-excerpt-when-to-use-transaction-and-when-to-use-stats.html


Question # 68
The limit attribute will ___________.

  • A. override default of 20
  • B. override default of 15
  • C. only work with top command
  • D. override default of 10

Correct answer: D


Question # 69
Which of the following searches would return a report of sales by product_name?

  • A. chart sales by product_name
  • B. stats sum(price) as sales over product_name
  • C. timechart list(sales), values(product_name)
  • D. chart sum(price) as sales by product_name

Correct answer: D

Explanation:
https://docs.splunk.com/Documentation/Splunk/8.1.0/SearchReference/Chart
https://docs.splunk.com/Documentation/Splunk/8.1.0/SearchReference/Stats


Question # 70
In automatic lookup definitions, the _____ fields are those that are not in the event data.

  • A. input
  • B. output

Correct answer: B


Question # 71
Which of the following statements describes macros?

  • A. A macro is a reusable search string that may have a flexible time range.
  • B. A macro is a reusable search string that must have a fixed time range.
  • C. A macro is a reusable search string that must contain the full search.
  • D. A macro is a reusable search string that must contain only a portion of the search.

Correct answer: A


Question # 72
When using the Field Extractor (FX), which of the following delimiters will work? (Choose all that apply.)

  • A. Tabs
  • B. Pipes
  • C. Spaces
  • D. Colons

Correct answer: B, C

Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep


Question # 73
An alert does not have to trigger every time it generates search results.

  • A. False
  • B. True

Correct answer: B

