SPLUNK CORE CERTIFIED USER &
SPLUNK FUNDAMENTALS 1
T/F:
Machine data is always structured. - Correct Answers -False.
Machine data can be structured or unstructured.
Machine data makes up more than ___% of the data accumulated by organizations. - Correct Answers -90
T/F:
Machine data is only generated by web servers. - Correct Answers -False
Search requests are processed by the ___________. - Correct Answers -Indexers
Search strings are sent from the _________. - Correct Answers -Search Head
In most Splunk deployments, ________ serve as the primary way data is supplied for
indexing. - Correct Answers -Forwarders
Which of these is *not* a main component of Splunk?
A) Search and investigate.
B) Compress and archive.
C) Add knowledge.
D) Collect and index data. - Correct Answers -B) Compress and archive
What are the three main processing components of Splunk?
*(Select all that apply.)*
A) Indexers
B) Deployment Maker
C) Search Heads
D) Forwarders
E) Distributors - Correct Answers -A) Indexers
C) Search Heads
D) Forwarders
_________ define what users can do in Splunk.
A) Tokens
B) Disk permissions
C) Roles - Correct Answers -C) Roles
This role will only see their own knowledge objects and those that have been shared
with them.
A) User
B) Power
C) Admin - Correct Answers -A) User
T/F:
You can launch and manage apps from the home app. - Correct Answers -True
What are the three main default roles in Splunk Enterprise?
*(Select all that apply.)*
A) King
B) User
C) Manager
D) Admin
E) Power - Correct Answers -B) User
D) Admin
E) Power
Which apps ship with Splunk Enterprise?
*(Select all that apply.)*
A) Home App
B) Sideview Utils
C) Search & Reporting
D) DB Connect - Correct Answers -A) Home App
C) Search & Reporting
The default username and password for a newly installed Splunk instance is:
A) username and password
B) admin and changeme
C) admin and 12345
D) buttercup and rawks - Correct Answers -B) admin and changeme
Files indexed using the *upload* input option get indexed _____.
A) Each time Splunk restarts.
B) Every hour.
C) On every search.
D) Once. - Correct Answers -D) Once.
T/F:
The monitor input option will allow you to continuously monitor files. - Correct Answers -True
Splunk knows where to break the event, where the time stamp is located and how to
automatically create field value pairs using these.
A) Line breaks
B) Source types
C) File names - Correct Answers -B) Source types
Splunk uses ______________ to categorize the type of data being indexed. - Correct Answers -sourcetype
In most production environments, _____________ will be used as the source of data input. - Correct Answers -Forwarders
How is the *asterisk* used in Splunk search?
A) As a wildcard.
B) To make a nose for your clown emoticon.
C) As a place holder.
D) To add up numbers. - Correct Answers -A) As a wildcard.
Which of the following search modes toggles behavior based on the type of search being run?
A) Smart
B) Fast
C) Verbose - Correct Answers -A) Smart
T/F:
When zooming in on the event timeline, a new search is run. - Correct Answers -False
T/F:
These searches will return the same results...
failed password
failed AND password - Correct Answers -True