Splunk SPLK-2001 Exam Questions

Questions for the SPLK-2001 were updated on : Oct 11 ,2024

Page 1 out of 5. Viewing questions 1-15 out of 70

Question 1

Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
<search>
<query>index news sourcetype web_proxy | table sourcetype title link
</query>
</search>
Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit
the hyperlinks contained in the link field?

  • A. <option name “link.openSearch.viewTarget">$row.link$</option>
  • B. <drilldown> <link target= blank">$$row.link$$</link> </drilldown>
  • C. <drilldown> <link target="_blank">$row.link|n$</link> </drilldown>
  • D. <drilldown> <link target _blank">http://localhost:8000/debug/refresh</link> </drilldown>
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/BuildandeditdashboardswithSimplifiedX
ML

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

When updating a knowledge object via REST, which of the following are valid values for the sharing
Access Control List property?

  • A. App
  • B. User
  • C. Global
  • D. Nobody
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which of the following are ways to get a list of search jobs? (Select all that apply.)

  • A. Access Activity > Jobs with Splunk Web.
  • B. Use Splunk REST to query the /services/search/jobs endpoint.
  • C. Use Splunk REST to query the /services/saved/searches endpoint.
  • D. Use Splunk REST to query the /services/search/sid/results endpoint.
Answer:

AB

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://docs.splunk.com/Documentation/Splunk/8.1.2/Search/SupervisejobswiththeJobspage

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which of the following are benefits from using Simple XML Extensions? (Select all that apply.)

  • A. Add custom layouts.
  • B. Add custom graphics.
  • C. Add custom behaviors.
  • D. Limit Splunk license consumption based on host.
Answer:

AC

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference: https://dev.splunk.com/enterprise/docs/developapps/visualizedata/usewebframework/
modifydashboards/

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that
apply.)

  • A. No need to do anything, it is turned on by default.
  • B. When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1.
  • C. When a new HEC token is created in Splunk Web, select the checkbox labeled “Enable indexer acknowledgement”.
  • D. When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled “Enable indexer acknowledgement”.
Answer:

CD

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/UsetheHTTPEventCollector

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

After updating a dashboard in myApp, a Splunk admin moves myApp to a different Splunk instance.
After logging in to the new instance, the dashboard is not seen. What could have happened? (Select
all that apply.)

  • A. The dashboard’s permissions were set to private.
  • B. User role permissions are different on the new instance.
  • C. The admin deleted the myApp/local directory before packaging.
  • D. Changes were placed in: $SPLUNK_HOME/etc/apps/search/default/data/ui/nav
Answer:

AB

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/DashboardPermissions

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Which of the following statements define a namespace?

  • A. The namespace is a combination of the user and the app.
  • B. The namespace is a combination of the user, the app, and the role.
  • C. The namespace is a combination of the user, the app, the role, and the sharing level.
  • D. The namespace is a combination of the user, the app, the role, the sharing level, and the permissions.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which of the following are characteristics of an add-on? (Select all that apply.)

  • A. Requires navigation file.
  • B. Occupies a unique namespace within Splunk.
  • C. Can depend on add-ons for correct operation.
  • D. Contains technology or components not intended for reuse by other apps.
Answer:

AD

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which of the following statements describe oneshot searches? (Select all that apply.)

  • A. Are always executed asynchronously.
  • B. Can specify csv as an output format.
  • C. Stream all results upon search completion.
  • D. Can use auto_cancel to set a timeout limit.
Answer:

BC

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://dev.splunk.com/enterprise/docs/devtools/java/sdk-
java/howtousesdkjava/howtoworkjobjava/

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which of the following options would be the best way to identify processor bottlenecks of a search?

  • A. Using the REST API.
  • B. Using the search job inspector.
  • C. Using the Splunk Monitoring Console.
  • D. Searching the Splunk logs using index=“ internal”.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which of the following is true of a namespace?

  • A. The namespace is a type of token filter.
  • B. The namespace includes an app attribute which cannot be a wildcard.
  • C. The namespace filters the knowledge objects returned by the REST API.
  • D. The namespace does not filter knowledge objects returned by the REST API.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

What must be done when calling the serviceNS endpoint?

  • A. Authenticate with an admin user.
  • B. Specify the user and app context in the URI.
  • C. Authenticate with the user of the required context.
  • D. Pass the user and app context in the request payload.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Assuming permissions are set appropriately, which REST endpoint path can be used by someone with
a power user role to access information about mySearch, a saved search owned by someone with a
user role?

  • A. /servicesNS/-/data/saved/searches/mySearch
  • B. /servicesNS/object/saved/searches/mySearch
  • C. /servicesNS/search/saved/searches/mySearch
  • D. /servicesNS/-/search/saved/searches/mySearch
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Using Splunk Web to modify config settings for a shared object, a revised config file with those
changes is placed in which directory?

  • A. $SPLUNK_HOME/etc/apps/myApp/local
  • B. $SPLUNK_HOME/etc/system/default/
  • C. $SPLUNK_HOME/etc/system/local
  • D. $SPLUNK_HOME/etc/apps/myApp/default
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference:
https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/Howtoeditaconfigurationfile

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

What application security best practices should be adhered to while developing an app for Splunk?
(Select all that apply.)

  • A. Review the OWASP Top Ten List.
  • B. Store passwords in clear text in .conf files.
  • C. Review the OWASP Secure Coding Practices Quick Reference Guide.
  • D. Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.
Answer:

AC

User Votes:
A
50%
B
50%
C
50%
D
50%

Reference: https://dev.splunk.com/enterprise/docs/developapps/testvalidate/securitybestpractices/

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2