Splunk Intro to Splunk Quiz 15 Questions with Answers 2023
Which search mode behaves differently depending on the type of search being run?
(A) Fast
(B) variable
(C) Smart
(D) Verbose - CORRECT ANSWER (C) Smart
Which character is used in a search before a command?
(A) A pipe (|)
(B) A backtick (`)
(C) A tilde (~)
(D) A quotation mark (") - CORRECT ANSWER (A) A pipe (|)
Which of the following searches will return results containing the terms failed, password, or failed password?
(A) failed OR password
(B) failed password OR "failed password"
(C) fail*
(D) failed OR password OR "failed password" - CORRECT ANSWER (A) failed OR password
(D) failed OR password OR "failed password"
What are the default roles in Splunk Enterprise?
(A) Admin
(B) Power
(C) Manager
(D) User - CORRECT ANSWER (A) Admin
(B) Power
(D) User
Which command can be used to further filter results in a search?
(A) Search
(B) Subset
(C) Filter
(D) Subsearch - CORRECT ANSWER (A) Search
What determines the timestamp shown on returned events in a search?
(A) Timestamps are displayed in Greenwich Mean Time
(B) Timestamps are displayed in epoch time
(C) The time zone where the event originated
(D) The time zone defined in user settings - CORRECT ANSWER (D) The time zone defined in user settings
By default, how long does a search job remain active?
(A) 7 days
(B) 30 minutes
(C) 10 minutes - CORRECT ANSWER (C) 10 minutes
When a search is run, in what order are events returned?
(A) Reverse chronological order
(B) Reverse alphanumeric order
(C) Chronological order
(D) Alphanumeric order - CORRECT ANSWER (A) Reverse chronological order
What is the most efficient way to limit search results returned?
(A) index
(B) time
(C) host
(D) source - CORRECT ANSWER (B) time
By default, which of the following roles are required to share knowledge objects?
(A) Power
(B) Admin
(C) Manager
(D) User - CORRECT ANSWER (A) Power
(B) Admin
Which Splunk infrastructure component stores ingested data?
(A) Datasets
(B) Data models
(C) Dashboards
(D) Index - CORRECT ANSWER (D) Index
By default, who is able to view a saved report?
(A) The user who created it
(B) Any user with a power or admin role
(C) Any user with a power or admin role
(D) Any user with the viewreports capability - CORRECT ANSWER (A) The user who created it
Which of the following searches will return results containing the phrase "failed password"?
(A) "failed password"
(B) failed password
(C) `failed password`
(D) (failed password) - CORRECT ANSWER (A) "failed password"
Which of the following searches will return results containing the words fail, failure, or failed?
(A) fail+
(B) *fail
(C) fail
(D) fail* - CORRECT ANSWER (D) fail*
Which of the following booleans can be used in a search?
(A) ALSO
(B) NOT
(C) AND
(D) OR - CORRECT ANSWER (B) NOT
(C) AND
(D) OR