Free SPLK-2001 Sample Questions — Splunk Certified Developer

Free SPLK-2001 sample questions for the Splunk Certified Developer exam. No account required: study at your own pace.

Question 1

Which of the following log files contains logs that are most relevant to Splunk Web?

  • A. audit.log
  • B. metrics.log
  • C. splunkd.log
  • D. web_service.log
Correct Answer:
D. web_service.log
Question 2

Data can be added to a KV store collection in which of the following format(s)?

  • A. JSON
  • B. JSON, XML
  • C. JSON, XML, CSV
  • D. JSON, XML, CSV, TXT
Correct Answer:
A. JSON
Question 3

Which of the following options would be the best way to identify processor bottlenecks of a search?

  • A. Using the REST API
  • B. Using the search job inspector
  • C. Using the Splunk Monitoring Console
  • D. Searching the Splunk logs using index="_internal"
Correct Answer:
B. Using the search job inspector
Question 4

Which of the following statements describe an HEC token? (Select all that apply.)

  • A. Maps to a Splunk user
  • B. Can be used to download data
  • C. Is a GUID (globally unique identifier)
  • D. Can be created in Splunk Web or using REST endpoints
Correct Answer:
  • C. Is a GUID (globally unique identifier)
  • D. Can be created in Splunk Web or using REST endpoints
Question 5

Consider the following Python code snippet used in a Splunk add-on:

    if not os.path.exists(full_path):
        self.doAction(full_path, header)
    else:
        f = open(full_path)
        oldORnew = f.readline().split(',')
        f.close()

An attacker could create a denial of service by causing an error in either the open() or readline() commands. What type of vulnerability is this?

  • A. CWE-693: Protection Mechanism Failure
  • B. CWE-562: Return of Stack Variable Address
  • C. CWE-404: Improper Resource Shutdown or Release
  • D. CWE-636: Not Failing Securely ('Failing Open')
Correct Answer:
C. CWE-404: Improper Resource Shutdown or Release
Question 6

Which of the following is a way to monitor app performance? (Select all that apply.)

  • A. Using Splunk logs
  • B. Using the search job inspector
  • C. Using the Monitoring Console
  • D. Using the storage/collections/config REST endpoint
Correct Answer:
  • A. Using Splunk logs
  • B. Using the search job inspector
Question 7

How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)

  • A. No need to do anything, it is turned on by default
  • B. When a REST request is sent to create a token, the property for indexer acknowledgement must be set to 1
  • C. When a new HEC token is created in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement"
  • D. When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement"
Correct Answer:
  • C. When a new HEC token is created in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement"
  • D. When the Global Settings for HEC are updated in Splunk Web, select the checkbox labeled "Enable indexer acknowledgement"
Question 8

Which Splunk REST endpoint is used to create a KV store collection?

  • A. /storage/collections
  • B. /storage/kvstore/create
  • C. /storage/collections/config
  • D. /storage/kvstore/collections
Correct Answer:
C. /storage/collections/config
Question 9

After updating a dashboard in myApp, a Splunk admin moves myApp to a different Splunk instance. After logging in to the new instance, the dashboard is not seen. What could have happened? (Select all that apply.)

  • A. The dashboard's permissions were set to private
  • B. User role permissions are different on the new instance
  • C. The admin deleted the myApp/local directory before packaging
  • D. Changes were placed in: $SPLUNK_HOME/etc/apps/search/default/data/ui/nav
Correct Answer:
  • A. The dashboard's permissions were set to private
  • B. User role permissions are different on the new instance
Question 10

Which of the following statements describe oneshot searches? (Select all that apply.)

  • A. Are always executed asynchronously
  • B. Can specify csv as an output format
  • C. Stream all results upon search completion
  • D. Can use auto_cancel to set a timeout limit
Correct Answer:
  • B. Can specify csv as an output format
  • C. Stream all results upon search completion
