Exam4Training

Which of the following searches will return events that contain a tag named Privileged?

A. Tag= Priv
B. Tag= Pri*
C. Tag= Priv*
D. Tag= Privileged

Answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity

A tag is a descriptive label that you can apply to one or more fields or field values in your events. You can use tags to simplify your searches by replacing long or complex field names or values with short and simple tags. To search for events that contain a tag name, you can use the tag keyword followed by an equal sign and the tag name. You can also use wildcards (*) to match partial tag names. Therefore, option B is correct because it will return events that contain a tag name that starts with Pri. Options A and D are incorrect because they will only return events that contain an exact tag name match. Option C is incorrect because it will return events that contain a tag name that starts with Priv, not Privileged.
