Which of the following are ways to get a list of search jobs? (Select all that apply.)
A. Access Activity > Jobs with Splunk Web.
B. Use Splunk REST to query the /services/search/jobs endpoint.
C. Use Splunk REST to query the /services/saved/searches endpoint.
D. Use Splunk REST to query the /services/search/sid/results endpoint.
Which of the following are benefits from using Simple XML Extensions? (Select all that apply.)
A. Add custom layouts.
B. Add custom graphics.
C. Add custom behaviors.
D. Limit Splunk license consumption based on host.
Which of the following statements describe oneshot searches? (Select all that apply.)
A. Are always executed asynchronously.
B. Can specify csv as an output format.
C. Stream all results upon search completion.
D. Can use auto_cancel to set a timeout limit.
Which of the following options would be the best way to identify processor bottlenecks of a search?
A. Using the REST API.
B. Using the search job inspector.
C. Using the Splunk Monitoring Console.
D. Searching the Splunk logs using index="_internal".
What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)
A. Review the OWASP Top Ten List.
B. Store passwords in clear text in .conf files.
C. Review the OWASP Secure Coding Practices Quick Reference Guide.
D. Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.
Which of the following is an example of a Splunk KV store use case? (Select all that apply.)
A. Stores checkpoint data for modular inputs.
B. Tracks workflow in an incident-review system.
C. Indexes metrics data from remote HTTP sources.
D. Stores application state as a user interacts with an app.
How can hiding or showing a panel by clicking on a chart or a table on the same form be performed?
A. By using event drilldown.
B. By using workflow action.
C. By using contextual drilldown.
D. By using visualization drilldown.
Which of the following are true of auto-refresh for dashboard panels? (Select all that apply.)
A. Applies to inline searches and saved searches.
B. Enabling auto-refresh for a report requires editing XML.
C. Post-processing searches are refreshed when their base searches are refreshed.
D. Each post-processing search using the same base search can have a different refresh time.
A KV store collection can be associated with a namespace for which of the following users?
A. Nobody
B. Users in the admin role.
C. Users in the admin and power roles.
D. Users in the admin, power, and splunk-system-user roles.
Which of the following are reserved field names in a KV Store? (Select all that apply.)
A. _key
B. _time
C. _user
D. _source
Which of these URLs could be used to construct a REST request to search the employee KV store collection to find records with a rating greater than or equal to 2 and less than 5?
A. 'http://localhost:8089/servicesNS/nobody/search/storage/collections/data/employees?query={$and: [{rating:{$gte:2}},{rating:{$lt:5}}]}andoutput_mode-json'
B. 'http://localhost:8089/servicesNS/nobody/search/storage/collections/data/employees?query={$and: [{rating:$gte:2}},{rating:{$lt:5}}]}andoutput_mode=json'
C. 'http://localhost:8089/servicesNS/nobody/search/storage/collections/data/employees?query={% 22rating%22:{%22$gte%22:2}},{%22$and%22},{%22rating%22:{%22$lt%22:5}}} andoutput_mode=json'
D. 'http://localhost:8089/servicesNS/nobody/search/storage/collections/data/employees?query={%22$and %22:[{%22rating%22:{%22$gte%22:2}},{%22rating%22:{%22$lt%22:5}}]} andoutput_mode=json'
Which of the following log files contains logs that are most relevant to Splunk Web?
A. audit.log
B. metrics.log
C. splunkd.log
D. web_service.log
Consider the following Python code snippet used in a Splunk add-on:
    if not os.path.exists(full_path):
        self.doAction(full_path, header)
    else:
        f = open(full_path)
        oldORnew = f.readline().split(",")
        f.close()
An attacker could create a denial of service by causing an error in either the open() or readline() commands. What type of vulnerability is this?
A. CWE-693: Protection Mechanism Failure
B. CWE-562: Return of Stack Variable Address
C. CWE-404: Improper Resource Shutdown or Release
D. CWE-636: Not Failing Securely ('Failing Open')
Which of the following is a customization option for the Open in Search panel link button?
A. Display the refresh time.
B. Show the Export Results button.
C. Show link buttons at the bottom of a panel.
D. Define an alternative search or target view to use.
For a KV store, a lookup stanza in the transforms.conf file must contain which of the following? (Select all that apply.)
A. collection
B. fields_list
C. external_type
D. internal_type