Splunk splk-2001 online test

Splunk Certified Developer Exam

What students need to know about the splk-2001 exam

  • Total 70 Questions & Answers

Question 1

Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
<search>
<query>index news sourcetype web_proxy | table sourcetype title link
</query>
</search>
Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit
the hyperlinks contained in the link field?

  • A. <option name “link.openSearch.viewTarget">$row.link$</option>
  • B. <drilldown> <link target= blank">$$row.link$$</link> </drilldown>
  • C. <drilldown> <link target="_blank">$row.link|n$</link> </drilldown>
  • D. <drilldown> <link target _blank">http://localhost:8000/debug/refresh</link> </drilldown>
Answer:

A

Reference:
https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/BuildandeditdashboardswithSimplifiedX
ML

Discussions

Question 2

When updating a knowledge object via REST, which of the following are valid values for the sharing
Access Control List property?

  • A. App
  • B. User
  • C. Global
  • D. Nobody
Answer:

A

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/RESTUM/RESTusing

Discussions

Question 3

Which of the following are ways to get a list of search jobs? (Select all that apply.)

  • A. Access Activity > Jobs with Splunk Web.
  • B. Use Splunk REST to query the /services/search/jobs endpoint.
  • C. Use Splunk REST to query the /services/saved/searches endpoint.
  • D. Use Splunk REST to query the /services/search/sid/results endpoint.
Answer:

AB

Reference:
https://docs.splunk.com/Documentation/Splunk/8.1.2/Search/SupervisejobswiththeJobspage

Discussions

Question 4

Which of the following are benefits from using Simple XML Extensions? (Select all that apply.)

  • A. Add custom layouts.
  • B. Add custom graphics.
  • C. Add custom behaviors.
  • D. Limit Splunk license consumption based on host.
Answer:

AC

Reference: https://dev.splunk.com/enterprise/docs/developapps/visualizedata/usewebframework/
modifydashboards/

Discussions

Question 5

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that
apply.)

  • A. No need to do anything, it is turned on by default.
  • B. When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1.
  • C. When a new HEC token is created in Splunk Web, select the checkbox labeled “Enable indexer acknowledgement”.
  • D. When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled “Enable indexer acknowledgement”.
Answer:

CD

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Data/UsetheHTTPEventCollector

Discussions

Question 6

After updating a dashboard in myApp, a Splunk admin moves myApp to a different Splunk instance.
After logging in to the new instance, the dashboard is not seen. What could have happened? (Select
all that apply.)

  • A. The dashboard’s permissions were set to private.
  • B. User role permissions are different on the new instance.
  • C. The admin deleted the myApp/local directory before packaging.
  • D. Changes were placed in: $SPLUNK_HOME/etc/apps/search/default/data/ui/nav
Answer:

AB

Reference: https://docs.splunk.com/Documentation/Splunk/8.1.2/Viz/DashboardPermissions

Discussions

Question 7

Which of the following statements define a namespace?

  • A. The namespace is a combination of the user and the app.
  • B. The namespace is a combination of the user, the app, and the role.
  • C. The namespace is a combination of the user, the app, the role, and the sharing level.
  • D. The namespace is a combination of the user, the app, the role, the sharing level, and the permissions.
Answer:

A

Discussions

Question 8

Which of the following are characteristics of an add-on? (Select all that apply.)

  • A. Requires navigation file.
  • B. Occupies a unique namespace within Splunk.
  • C. Can depend on add-ons for correct operation.
  • D. Contains technology or components not intended for reuse by other apps.
Answer:

AD

Discussions

Question 9

Which of the following statements describe oneshot searches? (Select all that apply.)

  • A. Are always executed asynchronously.
  • B. Can specify csv as an output format.
  • C. Stream all results upon search completion.
  • D. Can use auto_cancel to set a timeout limit.
Answer:

BC

Reference:
https://dev.splunk.com/enterprise/docs/devtools/java/sdk-
java/howtousesdkjava/howtoworkjobjava/

Discussions

Question 10

Which of the following options would be the best way to identify processor bottlenecks of a search?

  • A. Using the REST API.
  • B. Using the search job inspector.
  • C. Using the Splunk Monitoring Console.
  • D. Searching the Splunk logs using index=“ internal”.
Answer:

C

Discussions
To page 2