Splunk splk-2001 practice test

Which of the following is a customization option for the Open in Search panel link button?

• A. Display the refresh time.
• B. Show the Export Results button.
• C. Show link buttons at the bottom of a panel.
• D. Define an alternative search or target view to use.

When the search/jobs REST endpoint is called to execute a search, what can be done to reduce the
results size in the results? (Select all that apply.)

• A. Use a generating search.
• B. Remove unneeded fields.
• C. Truncate the data, using selective functions.
• D. Summarize data, using analytic commands.

Which of the following is an intended use of HTTP Event Collector tokens?

• A. A cookie.
• B. An HTTP header field.
• C. A JSON field in the HTTP request.
• D. A password in conjunction with login.

Which of the following ensures that quotation marks surround the value referenced by the token?

• A. $token_name|s$
• B. “$token_name$”
• C. ($token_name$)
• D. \“$token_name$\”

Which of the following statements describe an HEC token? (Select all that apply.)

• A. Maps to a Splunk user.
• B. Can be used to download data.
• C. Is a GUID (globally unique identifier).
• D. Can be created in Splunk Web or using REST endpoints.

Which items below are configured in inputs.conf? (Select all that apply.)

• A. A modular input written in Python.
• B. A file input monitoring a JSON file.
• C. A custom search command written in Python.
• D. An HTTP Event Collector as receiver of data from an app.

Which of the following are security best practices for Splunk app development? (Select all that
apply.)

• A. Store passwords in clear text in .conf files.
• B. Implement security in software development lifecycle.
• C. Manually test application with the controls listed in the OWASP Security Testing Guide.
• D. Use a dynamic scanner such as OWASP ZAP to scan web application components for vulnerabilities.

Given a dashboard with a Simple XML extension in myApp, what is the XML reference for the file
myJS.js located in myOtherApp in the location shown below?
$SPLUNK_HOME/etc/apps/myOtherApp/appserver/static/javascript/

• A. <dashboard script=“myJs.js”>
• B. <dashboard script=“myOtherApp/myJS.js”>
• C. <dashboard script=“myOtherApp:javascript/myJS.js”>
• D. <dashboard script=“myOtherApp:appserver/static/javascript/myJS.js”>

A fellow Splunk administrator is reviewing an app that has been downloaded from splunkbase and
deployed in an organization. The admin has e-mailed the following configuration snippet with a brief
note that says fix the permissions.
In what configuration file should the snippet be placed?
[]
access = read : [ * ], write : [ admin ] export - system
(Assume that $APP_HOME refers to the path that the app is installed, e.g.
$SPLUNK_HOME/etc/apps/<app name>)

• A. $APP_HOME/default/app.conf
• B. $APP_HOME/local/default.meta
• C. $APP_HOME/metadata/local.meta
• D. $SPLUNK_HOME/etc/system/local/server.conf

Log files related to Splunk REST calls can be found in which indexes? (Select all that apply.)

• A. _audit
• B. _internal
• C. _thefishbucket
• D. _blocksignature

To delete the record with a _key value of smith from the sales collection, a DELETE request should be
sent to which REST endpoint?

• A. /storage/collections/sales/smith
• B. /storage/kvstore/data/sales/smith
• C. /storage/collections/data/sales/smith
• D. /storage/kvstore/collections/sales/smith

How can event logs be collected from a remote Windows machine using a standard Splunk
installation and no customization? (Select all that apply.)

• A. By configuring a WMI input.
• B. By using HTTP event collector.
• C. By using a Windows heavy forwarder.
• D. By using a Windows universal forwarder.

What predefined drilldown tokens are available specifically for trellis layouts? (Select all that apply.)

• A. trellis.Xaxis
• B. trellis.Yaxis
• C. trellis.name
• D. trellis.value

Which event handler uses the <selection> element to support pan and zoom functionality?

• A. Visualization event handler
• B. Form input event handler
• C. Condition event handler
• D. Search event handler

Which of the following is a security best practice?

• A. Enable XSS.
• B. Eliminate all escape characters.
• C. Ensure the app passes App Certification.
• D. Ensure components have no Common Vulnerabilities and Exposures (CVE) vulnerabilities.