Question 1

After manually editing; a regular expression (regex), which of the following statements is true?

Options :

A : Changes made manually can be reverted in the Field Extractor (FX) UI.

B : It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.

C :

It is not possible to manually edit a regular expression (regex) that was created using the Field Extractor (FX) UI

D :

The Field Extractor (FX) UI keeps its own version of the field extraction in addition to the one that was manually edited.

Answer: B

Question 2

Which of the following searches will return events contains a tag name Privileged?

Options :

A : Tag= Priv

B : Tag= Pri*

C : Tag= Priv*

D : Tag= Privileged

Answer: B

Question 3

Which syntax is used to represent an argument in a macro definition?

Options :

A : "argument"

B : %argument%

C : ‘argument’

D : $argument$

Answer: D

Question 4

When creating a data model, which root dataset requires at least one constraint?

Options :

A : Root transaction dataset

B : Root event dataset

C : Root child dataset

D : Root search dataset

Answer: B

Question 5

What is the relationship between data models and pivots?

Options :

A : Data models provide the datasets for pivots.

B : Pivots and data models have no relationship.

C : Pivots and data models are the same thing.

D : Pivots provide the datasets for data models.

Answer: A

Smartly Prepare Exam with Free Online SPLK-1002 Practice Test