Universal forwarder is recommended for forwarding the logs to indexers.

• A.False
• B.True

Comment: *

Name: *

Email: *

Verification: *

In a deployment with multiple indexes, what will happen when a search is run and an index is not specified in the search string?

• A.No events will be returned.
• B.Splunk will prompt you to specify an index.
• C.All non-indexed events to which the user has access will be returned.
• D.Events from every index searched by default to which the user has access will be returned.

Comment: *

Name: *

Email: *

Verification: *

In the Splunk interface^ the list of alerts can be filtered based on which characteristics?

• A.App, Dashboard Severity, and Type
• B.App, Owner, Priority, and Status
• C.App, Time Window, Type, and Severity
• D.App, Owner, Severity, and Type

Comment: *

Name: *

Email: *

Verification: *

Which search string is the most efficient?

• A."failed password"
• B.index=security "failed password"
• C.''failed password"*
• D.index=* "failed password"

Comment: *

Name: *

Email: *

Verification: *

Which search string matches only events with the status_codeof 404?

• A.status_code!=404
• B.status_code>=400
• C.status_code>403 status_code<405
• D.status_code<=404

Comment: *

Name: *

Email: *

Verification: *