New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Splunk SPLK-2001 Splunk Certified Developer Exam Exam Practice Test

Demo: 21 questions
Total 70 questions

Splunk Certified Developer Exam Questions and Answers

Question 1

Which of the following are characteristics of an add-on? (Select all that apply.)

Options:

A.

Requires navigation file.

B.

Occupies a unique namespace within Splunk.

C.

Can depend on add-ons for correct operation.

D.

Contains technology or components not intended for reuse by other apps.

Question 2

A fellow Splunk administrator is reviewing an app that has been downloaded from splunkbase and deployed in an organization. The admin has e-mailed the following configuration snippet with a brief note that says “fix the permissions”.

In what configuration file should the snippet be placed?

[]

access = read : [ * ], write : [ admin ] export - system

(Assume that $APP_HOME refers to the path that the app is installed, e.g. $SPLUNK_HOME/etc/apps/)

Options:

A.

$APP_HOME/default/app.conf

B.

$APP_HOME/local/default.meta

C.

$APP_HOME/metadata/local.meta

D.

$SPLUNK_HOME/etc/system/local/server.conf

Question 3

Which of these URLs could be used to construct a REST request to search the employee KV store collection to find records with a rating greater than or equal to 2 and less than 5?

Options:

A.

‘http://localhost:8089/servicesNS/nobody/search/storage/collections/data/ employees?query={$and:[{rating:{$gte:2}},{rating:{$lt:5}}]} &output_mode-json’

B.

‘http://localhost:8089/servicesNS/nobody/search/storage/collections/data/ employees?query={$and:[{rating:$gte:2}},{rating:{$lt:5}}]} &output_mode=json’

C.

‘http://localhost:8089/servicesNS/nobody/search/storage/collections/data/ employees?query={%22rating%22:{%22$gte%22:2}},{%22$and%22},{%22rating%22:{% 22$lt%22:5}}} &output_mode=json’

D.

‘http://localhost:8089/servicesNS/nobody/search/storage/collections/data/ employees?query={%22$and%22:[{%22rating%22:{%22$gte%22:2}},{%22rating%22:{% 22$lt%22:5}}]} &output_mode=json’

Question 4

What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)

Options:

A.

Review the OWASP Top Ten List.

B.

Store passwords in clear text in .conf files.

C.

Review the OWASP Secure Coding Practices Quick Reference Guide.

D.

Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.

Question 5

The response message from a successful Splunk REST call includes an element. What is contained in an element?

Options:

A.

A dictionary of elements.

B.

Metadata encapsulating the element.

C.

A response code indicating success or failure.

D.

An individual element in an collection.

Question 6

Which of the following are valid request arguments for the REST search endpoints? (Select all that apply.)

Options:

A.

latest_time=rt

B.

latest_time=now

C.

earliest_time=-5h@h

D.

earliest_time=rt_10m@m

Question 7

In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)

Options:

A.

Cannot use event sampling.

B.

Use a transforming command.

C.

Use a standard Splunk visualization.

D.

Commands before the first transforming command must be streamable.

Question 8

Which of the following describes a Splunk custom visualization?

Options:

A.

A visualization with custom colors.

B.

Any visualization available in Splunk.

C.

A visualization in Splunk modified by the user.

D.

A visualization that uses the Splunk Custom Visualization API.

Question 9

Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:

index news sourcetype web_proxy | table sourcetype title link

Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?

Options:

A.

B.

$$row.link$$

C.

$row.link|n$

D.

http://localhost:8000/debug/refresh

Question 10

When using the Splunk Web Framework to create a global search, which is the correct post-process syntax for the base search shown below?

var searchmain = new SearchManager{{ id: “base-search”,

search: “index= internal | head 10 | fields “*”, preview: true,

cache: true

}};

Options:

A.

var mypostproc1 = new PostProcessManager {{ id: “post1”,

managerid: “base-search”,

search: “| stats count by sourcetype”

}};

B.

var mypostproc1 = new PostProcessManager{{ id: “post1”,

managerid: “base”,

search: “| stats count by sourcetype”

}};

C.

var mypostproc1 = new PostProcess{{ id: “post1”,

managerid: “base-search”,

search: “| search stats count by sourcetype”

}};

D.

You cannot create global searches in the Splunk Web Framework.

Question 11

Which of the following ensures that quotation marks surround the value referenced by the token?

Options:

A.

$token_name|s$

B.

“$token_name$”

C.

($token_name$)

D.

\“$token_name$\”

Question 12

Which of the following Simple XML elements configure panel link buttons? (Select all that apply.)

Options:

A.

Open In Search

B.

C.

D.

Question 13

Given the following two files defining app navigation, which navigation options will be displayed to the end user? (Select all that apply.)

$SPLUNK_HOME/etc/apps/app_name/default/data/ui/nav/default.xml

$SPLUNK_HOME/etc/apps/app_name/local/data/ui/nav/default/xml

Options:

A.

Search

B.

Reports

C.

Datasets

D.

Dashboards

Question 14

Log files related to Splunk REST calls can be found in which indexes? (Select all that apply.)

Options:

A.

_audit

B.

_internal

C.

_thefishbucket

D.

_blocksignature

Question 15

Which of the following is an intended use of HTTP Event Collector tokens?

Options:

A.

A cookie.

B.

An HTTP header field.

C.

A JSON field in the HTTP request.

D.

A password in conjunction with login.

Question 16

Data can be added to a KV store collection in which of the following format(s)?

Options:

A.

JSON

B.

JSON, XML

C.

JSON, XML, CSV

D.

JSON, XML, CSV, TXT

Question 17

There is a global search named “global_search” defined on a form as shown below:

index-_internal source-*splunkd.log | stats count by component, log_level

Which of the following would be a valid post-processing search? (Select all that apply.)

Options:

A.

| tstats count

B.

sourcetype=mysourcetype

C.

stats sum(count) AS count by log level

D.

search log_level=error | stats sum(count) AS count by component

Question 18

A KV store collection can be associated with a namespace for which of the following users?

Options:

A.

Nobody

B.

Users in the admin role.

C.

Users in the admin and power roles.

D.

Users in the admin, power, and splunk-system-user roles.

Question 19

Which of the following statements describe one-shot searches? (Select all that apply.)

Options:

A.

Are always executed asynchronously.

B.

Can specify csv as an output format.

C.

Stream all results upon search completion.

D.

Can use autocancel to set a timeout limit.

Question 20

Which type of command is tstats?

Options:

A.

Generating

B.

Transforming

C.

Centralized streaming

D.

Distributable streaming

Question 21

How can event logs be collected from a remote Windows machine using a standard Splunk installation and no customization? (Select all that apply.)

Options:

A.

By configuring a WMI input.

B.

By using HTTP event collector.

C.

By using a Windows heavy forwarder.

D.

By using a Windows universal forwarder.

Demo: 21 questions
Total 70 questions