⚡ IT Wisdom: Encryption is like a lock on a door — useless if someone leaves the window open.
Score: 30.0% (Not yet)
Correct: 3 out of 10
Wrong: 7 (need review)
More practice needed. Focus on the wrong answers and use the explanations to understand why.
Wrong Answers (7)
Q3 · Alerts
Your answer: D · Correct: B
A Splunk administrator needs to configure an alert that monitors failed login attempts. The alert should only trigger when more than 10 failed logins occur within a 15-minute window, but it should NOT fire repeatedly if the condition remains true — it should wait until the condition is no longer met before triggering again. Which alert trigger condition setting should the administrator configure to achieve this behavior?
Q4 · Reports and Dashboards
Your answer: C · Correct: A
A SOC analyst has built a search that uses the stats command to display a count of security events grouped by source IP address. The analyst saves this search as a report and then wants to add it to an existing dashboard so the team can monitor it daily. After navigating to the dashboard in edit mode, which of the following correctly describes the steps to add the saved report to the dashboard panel?
Q5 · Reports and Dashboards
Your answer: C · Correct: A
A Splunk analyst has created a dashboard with multiple panels to monitor web application performance. One of the panels currently displays results as a statistics table, but the analyst's manager has requested it be changed to a line chart to better visualize trends over time. The underlying search uses the timechart command and returns data appropriate for a line chart. Which sequence of steps correctly allows the analyst to change the panel's visualization type within the dashboard?
Q6 · Alerts
Your answer: C · Correct: B
A Splunk administrator has configured an alert to monitor for a spike in HTTP 500 errors on a production web application. The alert is set to run every 5 minutes and has triggered multiple times within the last hour, flooding the on-call team's email inbox. The administrator wants to prevent the alert from sending more than one notification per hour, even if the trigger condition continues to be met during that time. Which alert throttling configuration should the administrator apply?
Q7 · Using Fields
Your answer: C · Correct: A
A Splunk analyst is investigating web server logs and wants to retrieve events where the "status" field exists and contains any value, but also wants to exclude events where the "uri_path" field is equal to "/healthcheck". The analyst also needs to limit the returned fields in the results to only "status", "uri_path", and "clientip" to reduce clutter. Which search correctly accomplishes all three requirements?
Q8 · Alerts
Your answer: C · Correct: B
A Splunk administrator has configured a real-time alert to detect when any host in the environment stops sending data. The administrator wants to be notified only when a specific host, "webserver01", has not sent any events for more than 10 minutes. After saving the alert, the administrator navigates to the Alerts page to confirm it is listed and active. Which section of the Splunk Web interface should the administrator navigate to in order to view all previously fired instances of this alert, including the time each instance triggered?
Q10 · Using Fields
Your answer: B · Correct: A
A Splunk analyst is searching through web access logs and wants to find all events where the "status" field begins with the number "4" to capture all 4xx HTTP client error codes (such as 400, 401, 403, 404, etc.) in a single search. The analyst also wants to exclude any events where the "method" field is exactly equal to "OPTIONS". Which search correctly uses wildcards and field operators to accomplish both requirements?
Correct Answers (3)