What application security best practices should be adhered to while developing an app for Splunk? (Select all that apply.)
A. Review the OWASP Top Ten List.
B. Store passwords in clear text in .conf files.
C. Review the OWASP Secure Coding Practices Quick Reference Guide.
D. Ensure that third-party libraries that the app depends on have no outstanding CVE vulnerabilities.
Which of the following are true of auto-refresh for dashboard panels? (Select all that apply.)
A. Applies to inline searches and saved searches.
B. Enabling auto-refresh for a report requires editing XML.
C. Post-processing searches are refreshed when their base searches are refreshed.
D. Each post-processing search using the same base search can have a different refresh time.
Which of the following endpoints is used to authenticate with the Splunk REST API?
A. /services/auth/login
B. /services/session/login
C. /services/auth/session/login
D. /servicesNS/authentication/login
Consider the following Python code snippet used in a Splunk add-on:
if not os.path.exists(full_path):
    self.doAction(full_path, header)
else:
    f = open(full_path)
    oldORnew = f.readline().split(",")
    f.close()
An attacker could create a denial of service by causing an error in either the open() or readline() commands. What type of vulnerability is this?
A. CWE-693: Protection Mechanism Failure
B. CWE-562: Return of Stack Variable Address
C. CWE-404: Improper Resource Shutdown or Release
D. CWE-636: Not Failing Securely ('Failing Open')
The response message from a successful Splunk REST call includes an
A. A dictionary of
B. Metadata encapsulating the
C. A response code indicating success or failure.
D. An individual element in an
How can event logs be collected from a remote Windows machine using a standard Splunk installation and no customization? (Select all that apply.)
A. By configuring a WMI input.
B. By using HTTP event collector.
C. By using a Windows heavy forwarder.
D. By using a Windows universal forwarder.
To delete the record with a _key value of smith from the sales collection, a DELETE request should be sent to which REST endpoint?
A. /storage/collections/sales/smith
B. /storage/kvstore/data/sales/smith
C. /storage/collections/data/sales/smith
D. /storage/kvstore/collections/sales/smith
Which of the following ensures that quotation marks surround the value referenced by the token?
A. $token_name|s$
B. "$token_name$"
C. ($token_name$)
D. \"$token_name$\"
A dashboard is taking too long to load. Several searches start with the same SPL. How can the searches be optimized in this dashboard? (Select all that apply.)
A. Convert searches to include NOT expressions.
B. Restrict the time range of the search as much as possible.
C. Replace | stats command with | transaction command wherever possible.
D. Convert the common SPL into a Global Search and convert the other searches to post-processing searches.
Data can be added to a KV store collection in which of the following format(s)?
A. JSON
B. JSON, XML
C. JSON, XML, CSV
D. JSON, XML, CSV, TXT