Splunk SPLK-2001 practice test

Exam Title: Splunk Certified Developer

Last update: Dec 14, 2025

Question 1

Which of the following is true of a namespace?

  • A. The namespace is a type of token filter.
  • B. The namespace includes an app attribute which cannot be a wildcard.
  • C. The namespace filters the knowledge objects returned by the REST API.
  • D. The namespace does not filter knowledge objects returned by the REST API.
Answer:

D

Question 2

What must be done when calling the servicesNS endpoint?

  • A. Authenticate with an admin user.
  • B. Specify the user and app context in the URI.
  • C. Authenticate with the user of the required context.
  • D. Pass the user and app context in the request payload.
Answer:

B


Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Question 3

Assuming permissions are set appropriately, which REST endpoint path can be used by someone with
a power user role to access information about mySearch, a saved search owned by someone with a
user role?

  • A. /servicesNS/-/data/saved/searches/mySearch
  • B. /servicesNS/object/saved/searches/mySearch
  • C. /servicesNS/search/saved/searches/mySearch
  • D. /servicesNS/-/search/saved/searches/mySearch
Answer:

D


Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Question 4

Using Splunk Web to modify config settings for a shared object, a revised config file with those
changes is placed in which directory?

  • A. $SPLUNK_HOME/etc/apps/myApp/local
  • B. $SPLUNK_HOME/etc/system/default/
  • C. $SPLUNK_HOME/etc/system/local
  • D. $SPLUNK_HOME/etc/apps/myApp/default
Answer:

A


Reference:
https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/Howtoeditaconfigurationfile

Question 5

What application security best practices should be adhered to while developing an app for Splunk?
(Select all that apply.)

  • A. Review the OWASP Top Ten List.
  • B. Store passwords in clear text in .conf files.
  • C. Review the OWASP Secure Coding Practices Quick Reference Guide.
  • D. Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.
Answer:

AC


Reference: https://dev.splunk.com/enterprise/docs/developapps/testvalidate/securitybestpractices/

Question 6

There is a global search named “global_search” defined on a form as shown below:
<search id="global_search">
<query>
index=_internal source=*splunkd.log | stats count by component, log_level
</query>
</search>
Which of the following would be a valid post-processing search? (Select all that apply.)

  • A. | tstats count
  • B. sourcetype=mysourcetype
  • C. stats sum(count) AS count by log_level
  • D. search log_level=error | stats sum(count) AS count by component
Answer:

CD


Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/Savedsearches

Question 7

In order to successfully accelerate a report, which criteria must the search meet? (Select all that
apply.)

  • A. Cannot use event sampling.
  • B. Use a transforming command.
  • C. Use a standard Splunk visualization.
  • D. Commands before the first transforming command must be streamable.
Answer:

ABD


Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Knowledge/Manageacceleratedsearchsummaries

Question 8

Which statements are true regarding HEC (HTTP Event Collector) tokens? (Select all that apply.)

  • A. Multiple tokens can be created for use with different sourcetypes and indexes.
  • B. The edit_token_http admin role capability is required to create a token.
  • C. To create a token, send a POST request to services/collector endpoint.
  • D. Tokens can be edited using the data/inputs/http/{tokenName} endpoint.
Answer:

AC

Question 9

Which type of command is tstats?

  • A. Generating
  • B. Transforming
  • C. Centralized streaming
  • D. Distributable streaming
Answer:

A


Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Tstats

Question 10

Which of the following is an example of a Splunk KV store use case? (Select all that apply.)

  • A. Stores checkpoint data for modular inputs.
  • B. Tracks workflow in an incident-review system.
  • C. Indexes metrics data from remote HTTP sources.
  • D. Stores application state as a user interacts with an app.
Answer:

AB


Reference: https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/kvstore/
