
無料ダウンロードSplunk SPLK-2001リアル試験問題ゲットせよ
最新のSplunk SPLK-2001リアル試験問題集PDF
この試験では、知識オブジェクトの作成と管理、高度な検索およびレポートコマンドの開発、ダッシュボードの構築、視覚化、Splunkアプリの展開など、候補者のスプランク開発のさまざまな側面における候補者の習熟度を測定します。認定はグローバルに認識されており、個人がエンタープライズ環境でSplunk Solutionsを開発および展開するために必要なスキルを持っていることを意味します。 SPLK-2001試験に合格すると、Splunk開発に関する高レベルの専門知識が示されており、より良いキャリアの機会とより高い給与につながる可能性があります。
質問 # 39
What must be done when calling the serviceNS endpoint?
- A. Pass the user and app context in the request payload.
- B. Authenticate with an admin user.
- C. Specify the user and app context in the URI.
- D. Authenticate with the user of the required context.
正解:C
質問 # 40
Which of the following is an example of a Splunk KV store use case? (Select all that apply.)
- A. Stores application state as a user interacts with an app.
- B. Tracks workflow in an incident-review system.
- C. Stores checkpoint data for modular inputs.
- D. Indexes metrics data from remote HTTP sources.
正解:B、C
質問 # 41
Which of the following is a way to monitor app performance? (Select all that apply.)
- A. Using the storage/collections/config REST endpoint.
- B. Using the Monitoring Console.
- C. Using Splunk logs.
- D. Using the search job inspector.
正解:B、C
質問 # 42
Which of the following is true of a namespace?
- A. The namespace includes an app attribute which cannot be a wildcard.
- B. The namespace does not filter knowledge objects returned by the REST API.
- C. The namespace filters the knowledge objects returned by the REST API.
- D. The namespace is a type of token filter.
正解:B
質問 # 43
Which of the following search commands can be used to perform statistical queries on indexed fields in TSIDX files?
- A. tstats
- B. tscollect
- C. stats
- D. transaction
正解:A
質問 # 44
Which event handler uses the <selection> element to support pan and zoom functionality?
- A. Search event handler
- B. Condition event handler
- C. Form input event handler
- D. Visualization event handler
正解:D
質問 # 45
Which of the following are true of auto-refresh for dashboard panels? (Select all that apply.)
- A. Each post-processing search using the same base search can have a different refresh time.
- B. Enabling auto-refresh for a report requires editing XML.
- C. Applies to inline searches and saved searches.
- D. Post-processing searches are refreshed when their base searches are refreshed.
正解:B、D
質問 # 46
Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
<search>
<query>index news sourcetype web_proxy | table sourcetype title link
</query>
</search>
Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?
- A. <option name "link.openSearch.viewTarget">$row.link$</option>
- B. <drilldown>
<link target "_blank">http://localhost:8000/debug/refresh</link>
</drilldown> - C. <drilldown>
<link target=" blank">$$row.link$$</link>
</drilldown> - D. <drilldown>
<link target="_blank">$row.link|n$</link>
</drilldown>
正解:D
解説:
Explanation
It uses the $row.field|n$ syntax to reference the value of the link field in each row of the table. This syntax is used to create dynamic links in Simple XML dashboards. The other options are incorrect because they either use invalid syntax or do not reference the link field correctly. You can find more information about dynamic drill-downs and link syntax in the Splunk Developer Guide.
質問 # 47
A KV store collection can be associated with a namespace for which of the following users?
- A. Users in the admin role.
- B. Users in the admin, power, and splunk-system-user roles.
- C. Users in the admin and power roles.
- D. Nobody
正解:A
質問 # 48
To delete the record with a _key value of smith from the sales collection, a DELETE request should be sent to which REST endpoint?
- A. /storage/collections/data/sales/smith
- B. /storage/collections/sales/smith
- C. /storage/kvstore/collections/sales/smith
- D. /storage/kvstore/data/sales/smith
正解:A
解説:
Explanation
The correct answer is C, because /storage/collections/data/sales/smith is the REST endpoint to delete the record with a _key value of smith from the sales collection. The /storage/collections/data endpoint is used to access the KV Store data collections. The sales collection is the name of the collection, and smith is the _key value of the record to be deleted.
質問 # 49
Which of the following statements define a namespace?
- A. The namespace is a combination of the user, the app, and the role.
- B. The namespace is a combination of the user, the app, the role, and the sharing level.
- C. The namespace is a combination of the user and the app.
- D. The namespace is a combination of the user, the app, the role, the sharing level, and the permissions.
正解:C
質問 # 50
Which Splunk REST endpoint is used to create a KV store collection?
- A. /storage/collections/config
- B. /storage/kvstore/create
- C. /storage/collections
- D. /storage/kvstore/collections
正解:A
解説:
Explanation
The Splunk REST endpoint that is used to create a KV store collection is /storage/collections/config. This endpoint lets you create, update, or delete a KV store collection. The other endpoints are either invalid or used for different purposes. For more information, see Use the Splunk REST API to access the KV Store.
質問 # 51
Which of the following Simple XML elements configure panel link buttons? (Select all that apply.)
- A. <option name="link.visible">true</option>
- B. <option name="refresh.link.visible">false</option>
- C. <title>Open In Search</title>
- D. <option name="trellis.enabled">false</option>
正解:A、C
解説:
Explanation
The Simple XML elements that configure panel link buttons are <title>Open In Search</title> and <option name="link.visible">true</option>. The title element specifies the text that appears on the link button, and the option element enables the link button to be visible. The other elements are either irrelevant or used for different options. For more information, see Drilldown to a URL.
質問 # 52
In a DELETE request, what would omitting the value of _key from the REST endpoint do?
- A. Cause all records in a collection to be deleted.
- B. Produce the syntax error "Key value missing".
- C. Mean that the _key value must be passed as an argument.
- D. Clean the KV store, deleting all content.
正解:A
解説:
Explanation
The correct answer is C, because omitting the value of _key from the REST endpoint would cause all records in a collection to be deleted. The _key is a unique identifier for each record in a KV Store collection. The REST endpoint for deleting a record from a collection is /storage/collections/data/<collection>/<key>, where
<collection> is the name of the collection and <key> is the value of _key. If the <key> is omitted, the REST endpoint becomes /storage/collections/data/<collection>, which deletes all records in the collection. The other options are incorrect because they are not the consequences of omitting the value of _key from the REST endpoint. Cleaning the KV store, deleting all content would require deleting all collections, not just one.
Producing the syntax error "Key value missing" would not happen, because the REST endpoint is valid without the <key> value. Meaning that the _key value must be passed as an argument would not make sense, because the argument is the same as the <key> value in the REST endpoint.
質問 # 53
Which of the following is an intended use of HTTP Event Collector tokens?
- A. A password in conjunction with login.
- B. A cookie.
- C. A JSON field in the HTTP request.
- D. An HTTP header field.
正解:D
質問 # 54
Which statements are true regarding HEC (HTTP Event Collector) tokens? (Select all that apply.)
- A. Tokens can be edited using the data/inputs/http/{tokenName} endpoint.
- B. Multiple tokens can be created for use with different sourcetypes and indexes.
- C. The edit token http admin role capability is required to create a token.
- D. To create a token, send a POST request to services/collector endpoint.
正解:A、B、C
解説:
Explanation
The correct answer is A, B, and D because these are the statements that are true regarding HEC (HTTP Event Collector) tokens. HEC tokens are unique identifiers that are used to authenticate and authorize the data sent to HEC, which is a service that allows you to send data to Splunk via HTTP or HTTPS. Option A is correct because multiple tokens can be created for use with different sourcetypes and indexes, which are the attributes that define the data type and the location of the data in Splunk. Option B is correct because the edit token http admin role capability is required to create a token, which is a permission that allows the user to manage the HEC tokens. Option D is correct because tokens can be edited using the data/inputs/http/{tokenName} endpoint, which is a REST endpoint that allows you to update the properties of a specific HEC token. Option C is incorrect because to create a token, you need to send a POST request to the data/inputs/http endpoint, not the services/collector endpoint. The services/collector endpoint is used to send data to HEC, not to create tokens. You can find more information about HEC tokens and their endpoints in the Splunk Developer Guide.
質問 # 55
Which of the following log files contains logs that are most relevant to Splunk Web?
- A. web_service.log
- B. splunkd.log
- C. metrics.log
- D. audit.log
正解:A
解説:
Explanation
The log file that contains logs that are most relevant to Splunk Web is web_service.log. This log file records information about the web server that runs Splunk Web, such as requests, responses, errors, and performance.
The other log files contain logs that are related to other aspects of Splunk, such as audit.log for security events, metrics.log for performance metrics, and splunkd.log for Splunk daemon activity. For more information, see
[About Splunk log files].
質問 # 56
Which of the following is a security best practice?
- A. Eliminate all escape characters.
- B. Ensure the app passes App Certification.
- C. Ensure components have no Common Vulnerabilities and Exposures (CVE) vulnerabilities.
- D. Enable XSS.
正解:C
解説:
Explanation
The correct answer is D, because ensuring components have no Common Vulnerabilities and Exposures (CVE) vulnerabilities is a security best practice for developing Splunk apps. CVE is a list of publicly disclosed information security vulnerabilities and exposures1. Splunk recommends using tools such as npm audit, retire.js, and snyk to scan your app components for CVE vulnerabilities2.
質問 # 57
Searching "index=_internal metrics | head 3" from Splunk Web returned the following events:
04-12-2018 18:39:43.514 +0200 INFO Metrics - group=thruput, name=thruput, instantaneous_kbps=0.9651774014563425, instantaneous_eps=5.645638802094809, average_kbps=1.198995639527069, total_k_processed=2676, kb=29.91796875, ev=175, load_average=3.85888671875
04-12-2018 18:39:43.514 +0200 INFO Metrics - group_thruput, name_syslog_output, instantaneous_kbps=0, instantaneous_eps_0, average_kbps=0, total_k_processed=0, kb=0, ev=0
04-12-2018 18:39:43.513 +0200 INFO Metrics - group_thruput, name_index_thruput, instantaneous_kbps=0.9651773703189551, instantaneous_eps=4.87137960922438, average_kbps=1.1985932324065556, total_k_processed=2675, kb=29.91796875, ev=151 When the same search is required from a REST API call, which fields will be given? (Select all that apply.)
- A. instantaneous_kbps
- B. sourcetype
- C. _raw
- D. name
正解:A、B、C、D
解説:
Explanation
When the same search is required from a REST API call, all the fields will be given, including _raw, name, sourcetype, and instantaneous_kbps. This is because the default output mode for the REST API is XML, which returns all the fields and values for each event. To limit the fields returned, you can use the output_mode parameter with a value of json_cols, json_rows, or csv. For more information, see Access Splunk data using feeds.
質問 # 58
Which of the following are valid parent elements for the event action shown below? (Select all that apply.)
<set token="Token Name">sourcetype=$click.value|s$</set>
- A. <eval>
- B. <change>
<condition> - C. <change>
- D. <drilldown>
<condition>
正解:A、B
質問 # 59
Which of the following are valid request arguments for the REST search endpoints? (Select all that apply.)
- A. earliest_time=rt_10m@m
- B. latest_time=rt
- C. latest_time=now
- D. earliest_time=-5h@h
正解:C、D
解説:
Explanation
The valid request arguments for the REST search endpoints are latest_time=now and earliest_time=-5h@h.
These arguments specify the time range for the search, using relative or absolute time modifiers. The other arguments are invalid because they use rt (real-time) modifiers, which are not supported by the REST search endpoints. For more information, see [Specify time modifiers in your search].
質問 # 60
For a KV store, a lookup stanza in the transforms.conf file must contain which of the following? (Select all that apply.)
- A. collection
- B. external_type
- C. fields_list
- D. internal_type
正解:A、C
解説:
Explanation
The correct answer is A and B, because for a KV Store, a lookup stanza in the transforms.conf file must contain the collection and fields_list attributes. A lookup stanza is a configuration section in the transforms.conf file that defines the properties of a lookup, such as the lookup type, the lookup file or collection, the input and output fields, and the match type. A lookup is a feature that allows Splunk to enrich the events with additional data from an external source, such as a CSV file or a KV Store collection. For a KV Store lookup, the lookup stanza must have the collection attribute, which specifies the name of the KV Store collection to use, and the fields_list attribute, which specifies the fields to return from the KV Store collection2. The external_type and internal_type attributes are not required for a KV Store lookup, but for a scripted lookup, which is a type of lookup that uses an external script to perform the lookup operation.
質問 # 61
Which of the following is a customization option for the Open in Search panel link button?
- A. Define an alternative search or target view to use.
- B. Show the Export Results button.
- C. Show link buttons at the bottom of a panel.
- D. Display the refresh time.
正解:A
質問 # 62
Suppose the following query in a Simple XML dashboard returns a table including hyperlinks:
<search>
<query>index news sourcetype web_proxy | table sourcetype title link
</query>
</search>
Which of the following is a valid dynamic drilldown element to allow a user of the dashboard to visit the hyperlinks contained in the link field?
- A. <drilldown>
<link target "_blank">http://localhost:8000/debug/refresh</link>
</drilldown> - B. <drilldown>
<link target=" blank">$$row.link$$</link>
</drilldown> - C. <drilldown>
<link target="_blank">$row.link|n$</link>
</drilldown> - D. <option name "link.openSearch.viewTarget">$row.link$</option>
正解:D
質問 # 63
......
PDF問題(2024年最新)実際のSplunk SPLK-2001試験問題:https://jp.fast2test.com/SPLK-2001-premium-file.html