Splunk SPLK-2001 Exam Practice Test Instant Access

Question 1

What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)

AReview the OWASP Top Ten List.

BStore passwords in clear text in .conf files.

CReview the OWASP Secure Coding Practices Quick Reference Guide.

DEnsure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.

Answer : A, C

Question 2

Which of the following are ways to get a list of search jobs? (Select all that apply.)

AAccess Activity > Jobs with Splunk Web.

BUse Splunk REST to query the /services/search/jobs endpoint.

CUse Splunk REST to query the /services/saved/searches endpoint.

DUse Splunk REST to query the /services/search/sid/results endpoint.

Answer : A, B

Question 3

Which of the following is a way to monitor app performance? (Select all that apply.)

AUsing Splunk logs.

BUsing the search job inspector.

CUsing the Monitoring Console.

DUsing the storage/collections/config REST endpoint.

Answer : A, C

Question 4

What must be done when calling the serviceNS endpoint?

AAuthenticate with an admin user.

BSpecify the user and app context in the URI.

CAuthenticate with the user of the required context.

DPass the user and app context in the request payload.

Answer : B

Question 5

Which of the following statements describe oneshot searches? (Select all that apply.)

AAre always executed asynchronously.

BCan specify csv as an output format.

CStream all results upon search completion.

DCan use auto_cancel to set a timeout limit.

Answer : B, C

Question 6

Searching ''index=_internal metrics | head 3'' from Splunk Web returned the following events:

04-12-2018 18:39:43.514 +0200 INFO Metrics -- group=thruput, name=thruput, instantaneous_kbps=0.9651774014563425, instantaneous_eps=5.645638802094809, average_kbps=1.198995639527069, total_k_processed=2676, kb=29.91796875, ev=175, load_average=3.85888671875

04-12-2018 18:39:43.514 +0200 INFO Metrics -- group_thruput, name_syslog_output, instantaneous_kbps=0, instantaneous_eps_0, average_kbps=0, total_k_processed=0, kb=0, ev=0

04-12-2018 18:39:43.513 +0200 INFO Metrics -- group_thruput, name_index_thruput, instantaneous_kbps=0.9651773703189551, instantaneous_eps=4.87137960922438, average_kbps=1.1985932324065556, total_k_processed=2675, kb=29.91796875, ev=151

When the same search is required from a REST API call, which fields will be given? (Select all that apply.)

A_raw

Bname

Csourcetype

Dinstantaneous_kbps

Answer : A, C

Question 7

Which of the following are valid parent elements for the event action shown below? (Select all that apply.)

sourcetype=$click.value|s$

A<eval>

B<change>

C<change>
<condition>

D<drilldown>
<condition>

Answer : A, C

Splunk Certified Developer SPLK-2001 Exam Practice Test