Question 1

By default search results are not returned in ________ order.

Options :

A : Chronological

B : Reverser chronological

C : ASCIE

D : Alphabetical

Answer: A,D

Question 2

The limit attribute will___________.

Options :

A : override default of 10

B : only work with top command

C : override default of 20

D : override default of 15

Answer: A

Question 3

What is the relationship between data models and pivots?

Options :

A : Data models provide the datasets for pivots.

B : Pivots and data models have no relationship.

C : Pivots and data models are the same thing.

D : Pivots provide the datasets for data models.

Answer: A

Question 4

What will you learn from the results of the following search? sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)

Options :

A : The average time elapsed during each transaction for all transactions

B : The average time for each event within each transaction

C : The average time between each transaction

Answer: A

Question 5

How can an existing accelerated data model be edited?

Options :

A : An accelerated data model can be edited once its .tsidx file has expired.

B : An accelerated data model can be edited from the Pivot tool.

C : The data model must be de-accelerated before edits can be made to its structure.

D : It cannot be edited. A new data model would need to be created.

Answer: C