SPLK-2001 Online Practice Questions and Answers

After updating a dashboard in myApp, a Splunk admin moves myApp to a different Splunk instance. After logging in to the new instance, the dashboard is not seen. What could have happened? (Select all that apply.)

A. The dashboard's permissions were set to private.

B. User role permissions are different on the new instance.

C. The admin deleted the myApp/local directory before packaging.

D. Changes were placed in: $SPLUNK_HOME/etc/apps/search/default/data/ui/nav

What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)

A. Review the OWASP Top Ten List.

B. Store passwords in clear text in .conf files.

C. Review the OWASP Secure Coding Practices Quick Reference Guide.

D. Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.

In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)

A. Cannot use event sampling.

B. Use a transforming command.

C. Use a standard Splunk visualization.

D. Commands before the first transforming command must be streamable.

Which type of command is tstats?

A. Generating

B. Transforming

C. Centralized streaming

D. Distributable streaming

Which of the following is an example of a Splunk KV store use case? (Select all that apply.)

A. Stores checkpoint data for modular inputs.

B. Tracks workflow in an incident-review system.

C. Indexes metrics data from remote HTTP sources.

D. Stores application state as a user interacts with an app.

Which of the following describes a Splunk custom visualization?

A. A visualization with custom colors.

B. Any visualization available in Splunk.

C. A visualization in Splunk modified by the user.

D. A visualization that uses the Splunk Custom Visualization API.

Which of the following formats are valid for a Splunk REST URI?

A. host:port/endpoint

B. scheme://host/servicesNS/*/

C. $SPLUNK HOME/services/endpoint

D. scheme://host:port/services/endpoint

Which files within an app contain permissions information? (Select all that apply.)

A. local/metadata.conf

B. metadata/local.meta

C. default/metadata.conf

D. metadata/default.meta

A dashboard is taking too long to load. Several searches start with the same SPL. How can the searches be optimized in this dashboard? (Select all that apply.)

A. Convert searches to include NOT expressions.

B. Restrict the time range of the search as much as possible.

C. Replace | stats command with | transaction command wherever possible.

D. Convert the common SPL into a Global Search and convert the other searches to post-processing searches.

Data can be added to a KV store collection in which of the following format(s)?

A. JSON

B. JSON, XML

C. JSON, XML, CSV

D. JSON, XML, CSV, TXT