Splunk Certified Developer Sample Questions
The Splunk Certified Developer test is the last step toward completion of the Splunk Certified Developer accreditation. This exceptionally specialized certificate test assesses a competitor’s information and abilities in drill-downs, high-level way of behaving and representations, and building applications utilizing the Splunk Web Framework, and REST endpoints.
A Splunk Certified Developer can construct applications utilizing the Splunk Web Framework. Up-and-comers will show their skill in drill-downs, high-level ways of behaving and perceptions, arranging, making, and bundling applications, and REST endpoints.
1.) While refreshing an information object by means of REST, which coming up next are substantial qualities for the sharing Access Control List property?
A. User
B. App
C. Global
D. No one
Right Answer: B
2.) Which among the following are ways of getting a list of search occupations? (Select all that apply.)
A. Access Activity > Jobs with Splunk Web.
B. Use Splunk REST to question the/services/search/jobs endpoint.
C. Use Splunk REST to query the /services/search/sid/results endpoint.
D. Use Splunk REST to query the /services/saved/searches endpoint.
Right Answer: AB
3.) Which among the following are the advantages of utilizing Simple XML Extensions? (Select all that apply.)
A. Add custom graphics.
B. Add custom layouts.
C. Adding custom behaviors..
D. Limit Splunk permit utilization in light of the host.
Right Answer: BC
4.) How could indexer affirmation be empowered for HTTP Event Collector (HEC)? (Select all that apply.)
A. Don’t bother doing anything, it is turned on by default.
B. At the point when a REST demand is shipped off to make a token, the property for indexer affirmation should be set to 1.
C. When another HEC token is made in Splunk Web, select the checkbox marked ג€Enable indexer acknowledgementג€.
D. At the point when the Global Settings for HEC are refreshed in Splunk Web, select the checkbox marked ג€Enable indexer acknowledgementג€.
Right Answer: CD
Explanation: Set up and use HTTP Event Collector in Splunk Web
5.) After updating a dashboard in myApp, a Splunk administrator moves myApp to an alternate Splunk case. After signing in to the new occurrence, the dashboard isn’t seen. What might have occurred? (Select all that apply.)
A. The dashboard’s permissions were set to private.
B. User role authorizations are different on the new instance.
C. Changes were placed in: $SPLUNK_HOME/etc/apps/search/default/data/ui/nav
D. The admin deleted the myApp/local directory before packaging.
Right Answer: AB
6.) Which of the accompanying assertions characterize a namespace?
A. The namespace is a mix of the client and the application.
B. The namespace is a mix of the client, the application, and the job.
C. The namespace is a mix of the client, the application, the job, and the sharing level.
D. The namespace is a blend of the client, the application, the job, the sharing level, and the consents.
Right Answer: A
7.) Which of coming up next are qualities of an extra? (Select all that apply.)
A. Can depend on add-ons for correct operation.
B. Possesses an exceptional namespace inside Splunk.
C. Requires navigation file.
D. Contains innovation or parts not planned for reuse by other applications.
Right Answer: CD
8.) Which of the accompanying assertions depict Oneshot hunts? (Select all that apply.)
A. Are constantly executed asynchronously.
B. Can determine csv as an output format.
C. Stream all outcomes upon search completion.
D. Can utilize auto_cancel to set a break limit.
Right Answer: BC
Explanation: How to work with searches and jobs using the Splunk Enterprise SDK for Java
9.) Which of the accompanying choices could be the most effective way to distinguish processor bottlenecks of a hunt?
A. Utilizing the REST API.
B. Utilizing the pursuit job inspector.
C. Utilizing the Splunk Monitoring Console.
D. Looking through the Splunk logs utilizing index=ג€ internalג€.
Right Answer: C
10.) Which of coming up next is valid for a namespace?
A. The namespace is a sort of token filter.
B. The namespace incorporates an application trait that can’t be a special case.
C. The namespace channels the information objects returned by the REST API.
D. The namespace doesn’t channel information objects returned by the REST API.
Right Answer: D
11.) What should be done while calling the serviceNS endpoint?
A. Confirm with an admin user.
B. Determine the user and application context in the URI.
C. Confirm with the client of the necessary setting.
D. Pass the client and application setting in the solicitation payload.
Right Answer: B
Explanation: Basic concepts about the Splunk platform REST API
12.) Expecting permissions are set fittingly, which REST endpoint way can be utilized by somebody with a power client job to get to data about mySearch, a saved inquiry possessed by somebody with a client job?
A. /servicesNS/-/search/saved/searches/mySearch
B. /servicesNS/search/saved/searches/mySearch
C. /servicesNS/object/saved/searches/mySearch
D. /servicesNS/-/data/saved/searches/mySearch
Right Answer: D
13.) Involving Splunk Web to adjust config settings for a common item, a reexamined config record with those changes is set in which registry?
A. $SPLUNK_HOME/etc/apps/myApp/default
B. $SPLUNK_HOME/etc/system/local
C. $SPLUNK_HOME/etc/system/local
D. $SPLUNK_HOME/etc/apps/myApp/local
Right Answer: A
14.) What application security best practices ought to be stuck to while fostering an application for Splunk? (Select all that apply.)
A. Review the OWASP Top Ten List.
B. Store passwords in clear text in .conf files.
C. Audit the OWASP Secure Coding Practices Quick Reference Guide.
D. Guarantee that outsider libraries that the application relies upon have no remarkable CVE vulnerabilities.
Right Answer: AC
Explanation: Security best practices for apps in Splunk Cloud Platform and Splunk Enterprise
15.) What application security best practices ought to be stuck to while fostering an application for Splunk? (Select all that apply.)
A. Review the OWASP Top Ten List.
B. Store passwords in clear text in .conf documents.
C. Survey the OWASP Secure Coding Practices Quick Reference Guide.
D. Guarantee that outsider libraries that the application relies upon have no exceptional CVE vulnerabilities.
Right Answer: AC
16.) There is a global search named ‘global_search’ characterized on a structure as displayed below:
index _internal source-*splunkd.log | details count by part, log_level
Which of the accompanying could be a legitimate post-processing search? (Select all that apply.)
A. | tstats count
B. sourcetype=mysourcetype
C. stats sum(count) AS count by log level
D. search log_level=error | details sum(count) AS count by part
Right Answer: CD
17.) To effectively speed up a report, which rules should the inquiry meet? (Select all that apply.)
A. Can’t utilize event sampling.
B. Utilize a transforming command.
C. Utilize a standard Splunk representation.
D. Orders before the first changing order should be streamable.
Right Answer: ABD
18.) Which proclamations are valid in regards to HEC (HTTP Event Collector) tokens? (Select all that apply.)
A. Various tokens can be made for use with various sourcetypes and records.
B. The alter token http administrator job capacity is expected to make a token.
C. To make a token, send a POST solicitation to administrations/gatherer endpoint.
D. Tokens can be altered utilizing the information/inputs/http/{tokenName} endpoint.
Right Answer: AC
19.) Which kind of order is tstats?
A. Generating
B. Centralized streaming
C. Transforming
D. Distributable streaming
Right Answer: A
20.) Which of coming up next is an illustration of a Splunk KV store use case? (Select all that apply.)
A. Stores checkpoint data for particular data sources.
B. Tracks work process in an incident-review framework.
C. Indexes metrics data from distant HTTP sources.
D. Stores application state as a client connects with an application.
Right Answer: AB