SPLK-2001

Which of the following statements define a namespace?
A . The namespace is a combination of the user and the app.
B . The namespace is a combination of the user, the app, and the role.
C . The namespace is a combination of the user, the app, the role, and the sharing level.
D . The namespace is a combination of the user, the app, the role, the sharing level, and the permissions.

View Answer

Answer: A

Which of the following options would be the best way to identify processor bottlenecks of a search?
A . Using the REST AP
C . Using the search job inspector.
D . Using the Splunk Monitoring Console.
E . Searching the Splunk logs using index=“ internal”.

View Answer

Answer: C

Which statements are true regarding HEC (HTTP Event Collector) tokens? (Select all that apply.)
A . Multiple tokens can be created for use with different sourcetypes and indexes.
B . The edit token http admin role capability is required to create a token.
C . To create a token, send a POST request to services/collector endpoint.
D . Tokens can be edited using the data/inputs/http/{tokenName} endpoint.

View Answer

Answer: AC

What must be done when calling the serviceNS endpoint?
A . Authenticate with an admin user.
B . Specify the user and app context in the UR
D . Authenticate with the user of the required context.
E . Pass the user and app context in the request payload.

View Answer

Answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Using Splunk Web to modify config settings for a shared object, a revised config file with those changes is placed in which directory?
A . $SPLUNK_HOME/etc/apps/myApp/local
B . $SPLUNK_HOME/etc/system/default/
C . $SPLUNK_HOME/etc/system/local
D . $SPLUNK_HOME/etc/apps/myApp/default

View Answer

Answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/Howtoeditaconfigurationfile

Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:

<search>

<query>index news sourcetype web_proxy | table sourcetype title link </query>

</search>

Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?
A . <option name “link.openSearch.viewTarget">$row.link$</option>
B . <drilldown>
<link target=“ blank">$$row.link$$</link> </drilldown>
C . <drilldown>
<link target="_blank">$row.link|n$</link> </drilldown>
D . <drilldown>
<link target “_blank">http://localhost:8000/debug/refresh</link> </drilldown>

View Answer

Answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/BuildandeditdashboardswithSimplifiedXML

Which of the following are characteristics of an add-on? (Select all that apply.)
A . Requires navigation file.
B . Occupies a unique namespace within Splunk.
C . Can depend on add-ons for correct operation.
D . Contains technology or components not intended for reuse by other apps.

View Answer

Answer: AD

What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)
A . Review the OWASP Top Ten List.
B . Store passwords in clear text in .conf files.
C . Review the OWASP Secure Coding Practices Quick Reference Guide.
D . Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.

View Answer

Answer: AC

Explanation:

Reference: https://dev.splunk.com/enterprise/docs/developapps/testvalidate/securitybestpractices/

When updating a knowledge object via REST, which of the following are valid values for the sharing Access Control List property?
A . App
B . User
C . Global
D . Nobody

View Answer

Answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Which type of command is tstats?
A . Generating
B . Transforming
C . Centralized streaming
D . Distributable streaming

View Answer

Answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Tstats