EMT Practice Test

1. Question Content...


Question List

Question1: After updating a dashboard in myApp, a Splunk admin moves myApp to a different Splunk instance. After logging in to the new instance, the dashboard is not seen. What could have happened? (Select all that apply.)

Question2: Which of the following is an intended use of HTTP Event Collector tokens?

Question3: Which type of command is tstats?

Question4: A user wants to add the token $token_name$ to a dashboard for use in a drilldown. Which token filter encodes URL values?

Question5: Which of the following Simple XML elements configure panel link buttons? (Select all that apply.)

Question6: What must be done when calling the serviceNS endpoint?

Question7: Which of the following are security best practices for Splunk app development? (Select all that apply.)

Question8: Which of the following is true of a namespace?

Question9: In order to successfully accelerate a report, which criteria must the search meet? (Select all that apply.)

Question10: Searching "index=_internal metrics | head 3" from Splunk Web returned the following events:
04-12-2018 18:39:43.514 +0200 INFO Metrics - group=thruput, name=thruput, instantaneous_kbps=0.9651774014563425, instantaneous_eps=5.645638802094809, average_kbps=1.198995639527069, total_k_processed=2676, kb=29.91796875, ev=175, load_average=3.85888671875
04-12-2018 18:39:43.514 +0200 INFO Metrics - group_thruput, name_syslog_output, instantaneous_kbps=0, instantaneous_eps_0, average_kbps=0, total_k_processed=0, kb=0, ev=0
04-12-2018 18:39:43.513 +0200 INFO Metrics - group_thruput, name_index_thruput, instantaneous_kbps=0.9651773703189551, instantaneous_eps=4.87137960922438, average_kbps=1.1985932324065556, total_k_processed=2675, kb=29.91796875, ev=151 When the same search is required from a REST API call, which fields will be given? (Select all that apply.)

Question11: When the search/jobs REST endpoint is called to execute a search, what can be done to reduce the results size in the results? (Select all that apply.)

Question12: Which of these URLs could be used to construct a REST request to search the employee KV store collection to find records with a rating greater than or equal to 2 and less than 5?

Question13: Given a dashboard with a Simple XML extension in myApp, what is the XML reference for the file myJS.js located in myOtherApp in the location shown below?
$SPLUNK_HOME/etc/apps/myOtherApp/appserver/static/javascript/

Question14: Which of the following are valid request arguments for the REST search endpoints? (Select all that apply.)

Question15: When using the Splunk Web Framework to create a global search, which is the correct post-process syntax for the base search shown below?
var searchmain = new SearchManager{{ id: "base-search",
search: "index= internal | head 10 | fields "*", preview: true,
cache: true
}};

Question16: Which files within an app contain permissions information? (Select all that apply.)

Question17: Which of the following are characteristics of an add-on? (Select all that apply.)

Question18: When output_mode is not used, which element of a feed is a human readable name for a returned entry?

Question19: Which of the following are benefits from using Simple XML Extensions? (Select all that apply.)

Question20: Which of the following will unset a token named my_token?

Question21: A fellow Splunk administrator is reviewing an app that has been downloaded from splunkbase and deployed in an organization. The admin has e-mailed the following configuration snippet with a brief note that says "fix the permissions".
In what configuration file should the snippet be placed?
[]
access = read : [ * ], write : [ admin ] export - system
(Assume that $APP_HOME refers to the path that the app is installed, e.g. $SPLUNK_HOME/etc/apps/<app name>)

Question22: How can indexer acknowledgement be enabled for HTTP Event Collector (HEC)? (Select all that apply.)

Question23: Consider the following Python code snippet used in a Splunk add-on:
if not os.path.exists(full_path): self.doAction(full_path, header) else: f = open (full_path) oldORnew = f.readline().split(",") f.close() An attacker could create a denial of service by causing an error in either the open() or readline() commands. What type of vulnerability is this?

Question24: Which of the following search commands can be used to perform statistical queries on indexed fields in TSIDX files?