1) Which group of users would most likely use pivots?
A . Users
B . Architects
C . Administrators
D . Knowledge Managers
Answer: D
2) Information needed to create a GET workflow action includes which of the
following? (Choose all that apply.)
● A. A name for the workflow action.
● B. A URI where the user will be directed at search time.
● C. A label that will appear in the Event Action menu at search time.
● D. A name for the URI where the user will be directed at search time.
Suggested Answer: ABC
3) What are the two parts of a root event dataset?
● A. Fields and variables.
● B. Fields and attributes.
● C. Constraints and fields.
● D. Constraints and lookups.
Suggested Answer: C
, 4) Which type of visualization shows relationships between discrete values in three
dimensions?
● A. Pie chart
● B. Line chart
● C. Bubble chart
● D. Scatter chart
Suggested Answer: D
5) Which of the following statements describes the use of the Field Extractor
(FX)?
● A. The Field Extractor automatically extracts all fields at search time.
● B. The Field Extractor uses PERL to extract fields from the raw events.
● C. Fields extracted using the Field Extractor persist as knowledge objects.
● D. Fields extracted using the Field Extractor do not persist and must be defined
for each search.
Suggested Answer: C
6) Which workflow action method can be used when the action type is set to link?
● A. GET
● B. PUT
● C. Search
● D. UPDATE
Suggested Answer: A
, 7) A field alias has been created based on an original field. A search without any
transforming commands is then executed in Smart Mode.
Which field name appears in the results?
● A. Both will appear in the All Fields list, but only if the alias is specified in the
search.
● B. Both will appear in the Interesting Fields list, but only if they appear in at least
20 percent of events.
● C. The original field only appears in All Fields list and the alias only appears in
the Interesting Fields list.
● D. The alias only appears in the All Fields list and the original field only appears
in te Interesting Fields list.
Suggested Answer: B
8) Which of the following statements describes macros?
● A. A macro is a reusable search string that must contain the full search.
● B. A macro is a reusable search string that must have a fixed time range.
● C. A macro is a reusable search string that may have a flexible time range.
● D. A macro is a reusable search string that must contain only a portion of the
search.
Suggested Answer: C
9)Which of the following statements describes field aliases?
● A. Field alias names replace the original field name.
● B. Field aliases can be used in lookup file definitions.
, ● C. Field aliases only normalize data across sources and sourcetypes.
● D. Field alias names are not case sensitive when used as part of a search.
Suggested Answer: B
10)
A . Users
B . Architects
C . Administrators
D . Knowledge Managers
Answer: D
2) Information needed to create a GET workflow action includes which of the
following? (Choose all that apply.)
● A. A name for the workflow action.
● B. A URI where the user will be directed at search time.
● C. A label that will appear in the Event Action menu at search time.
● D. A name for the URI where the user will be directed at search time.
Suggested Answer: ABC
3) What are the two parts of a root event dataset?
● A. Fields and variables.
● B. Fields and attributes.
● C. Constraints and fields.
● D. Constraints and lookups.
Suggested Answer: C
, 4) Which type of visualization shows relationships between discrete values in three
dimensions?
● A. Pie chart
● B. Line chart
● C. Bubble chart
● D. Scatter chart
Suggested Answer: D
5) Which of the following statements describes the use of the Field Extractor
(FX)?
● A. The Field Extractor automatically extracts all fields at search time.
● B. The Field Extractor uses PERL to extract fields from the raw events.
● C. Fields extracted using the Field Extractor persist as knowledge objects.
● D. Fields extracted using the Field Extractor do not persist and must be defined
for each search.
Suggested Answer: C
6) Which workflow action method can be used when the action type is set to link?
● A. GET
● B. PUT
● C. Search
● D. UPDATE
Suggested Answer: A
, 7) A field alias has been created based on an original field. A search without any
transforming commands is then executed in Smart Mode.
Which field name appears in the results?
● A. Both will appear in the All Fields list, but only if the alias is specified in the
search.
● B. Both will appear in the Interesting Fields list, but only if they appear in at least
20 percent of events.
● C. The original field only appears in All Fields list and the alias only appears in
the Interesting Fields list.
● D. The alias only appears in the All Fields list and the original field only appears
in te Interesting Fields list.
Suggested Answer: B
8) Which of the following statements describes macros?
● A. A macro is a reusable search string that must contain the full search.
● B. A macro is a reusable search string that must have a fixed time range.
● C. A macro is a reusable search string that may have a flexible time range.
● D. A macro is a reusable search string that must contain only a portion of the
search.
Suggested Answer: C
9)Which of the following statements describes field aliases?
● A. Field alias names replace the original field name.
● B. Field aliases can be used in lookup file definitions.
, ● C. Field aliases only normalize data across sources and sourcetypes.
● D. Field alias names are not case sensitive when used as part of a search.
Suggested Answer: B
10)
