Splunk SPLK-2001 Splunk Certified Developer Exam Online Training
Splunk SPLK-2001 Online Training
The questions for SPLK-2001 were last updated at May 03,2024.
- Exam Code: SPLK-2001
- Exam Name: Splunk Certified Developer Exam
- Certification Provider: Splunk
- Latest update: May 03,2024
Which of the following is true of a namespace?
- A . The namespace is a type of token filter.
- B . The namespace includes an app attribute which cannot be a wildcard.
- C . The namespace filters the knowledge objects returned by the REST API.
- D . The namespace does not filter knowledge objects returned by the REST API.
What must be done when calling the serviceNS endpoint?
- A . Authenticate with an admin user.
- B . Specify the user and app context in the URI.
- C . Authenticate with the user of the required context.
- D . Pass the user and app context in the request payload.
B
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing
Assuming permissions are set appropriately, which REST endpoint path can be used by someone with a power user role to access information about mySearch, a saved search owned by someone with a user role?
- A . /servicesNS/-/data/saved/searches/mySearch
- B . /servicesNS/object/saved/searches/mySearch
- C . /servicesNS/search/saved/searches/mySearch
- D . /servicesNS/-/search/saved/searches/mySearch
D
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing
Using Splunk Web to modify config settings for a shared object, a revised config file with those changes is placed in which directory?
- A . $SPLUNK_HOME/etc/apps/myApp/local
- B . $SPLUNK_HOME/etc/system/default/C. $SPLUNK_HOME/etc/system/local
- C . $SPLUNK_HOME/etc/apps/myApp/default
A
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/Howtoeditaconfigurationfile
What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)
- A . Review the OWASP Top Ten List.
- B . Store passwords in clear text in .conf files.
- C . Review the OWASP Secure Coding Practices Quick Reference Guide.
- D . Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.
AC
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/developapps/testvalidate/securitybestpractices/
There is a global search named “global_search” defined on a form as shown below:
<search id=“global_search”>
<query>
index-_internal source-*splunkd.log | stats count by component, log_level
</query>
</search>
Which of the following would be a valid post-processing search? (Select all that apply.)
- A . | tstats count
- B . sourcetype=mysourcetype
- C . stats sum(count) AS count by log level
- D . search log_level=error | stats sum(count) AS count by component
CD
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/Savedsearches
In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)
- A . Cannot use event sampling.
- B . Use a transforming command.
- C . Use a standard Splunk visualization.
- D . Commands before the first transforming command must be streamable.
ABD
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Knowledge/Manageacceleratedsearchsummaries
Which statements are true regarding HEC (HTTP Event Collector) tokens? (Select all that apply.)
- A . Multiple tokens can be created for use with different sourcetypes and indexes.
- B . The edit token http admin role capability is required to create a token.
- C . To create a token, send a POST request to services/collector endpoint.
- D . Tokens can be edited using the data/inputs/http/{tokenName} endpoint.
Which type of command is tstats?
- A . Generating
- B . Transforming
- C . Centralized streaming
- D . Distributable streaming
A
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Tstats
Which of the following is an example of a Splunk KV store use case? (Select all that apply.)
- A . Stores checkpoint data for modular inputs.
- B . Tracks workflow in an incident-review system.
- C . Indexes metrics data from remote HTTP sources.
- D . Stores application state as a user interacts with an app.
AB
Explanation:
Reference: https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/kvstore/