1
What are the default roles in Splunk Enterprise?
User
Power, User, Admin
Admin
Power
2
What determines the timestamp shown on returned events in a search?
Timestamps are displayed in epoch time
Timestamps are displayed in Greenwich Mean Time
The time zone where the event originated
The time zone defined in user settings
3
By default, which of the following roles are required to share knowledge objects?
Admin, User
Power, User
Admin, Power
Power
4
Which of the following searches will return results containing the phrase "failed password"?
failed password
"failed password"
(failed password)
`failed password`
5
By default, how long does a search job remain active?
30 minutes
5 minutes
7 days
10 minutes
6
Which command can be used to further filter results in a search?
subsearch
filter
subset
search
7
Which of the following searches will return results containing the words fail, failure, or failed?
fail*
fail
*fail
fail+
8
What is the most efficient way to limit search results returned?
time
index
host
source
9
Which search mode behaves differently depending on the type of search being run?
smart
verbose
fast
variable
10
Which of the following booleans can be used in a search?
OR, NOT
ALSO
OR, NOT, AND
OR
11
By default, who is able to view a saved report?
The user who created it
Any user with a power or admin role
Any user with the viewreports capability
Any user with a power or admin role
12
Which character is used in a search before a command?
A tilde (~)
A quotation mark (")
A backtick (`)
A pipe (|)
13
Which of the following searches will return results containing the terms failed, password, or failed password?
failed OR password
failed OR password OR "failed password"
fail*
failed password OR "failed password", fail*
14
Which Splunk infrastructure component stores ingested data?
index
Dashboards
Data models
datasets
15
When a search is run, in what order are events returned?
Alphanumeric order
Chronological order
Reverse alphanumeric order
Reverse chronological order