SPLUNK EXAM WITH ANSWERS 2024 UPDATE

  • January 8, 2024
  • 45
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
1) Which group of users would most likely use pivots?
● A. Users
● B. Architects
● C. Administrators
● D. Knowledge Managers

Answer: D


2) Information needed to create a GET workflow action includes which of the following? (Choose all that apply.)
● A. A name for the workflow action.
● B. A URI where the user will be directed at search time.
● C. A label that will appear in the Event Action menu at search time.
● D. A name for the URI where the user will be directed at search time.

Suggested Answer: ABC




3) What are the two parts of a root event dataset?
● A. Fields and variables.
● B. Fields and attributes.
● C. Constraints and fields.
● D. Constraints and lookups.

Suggested Answer: C

4) Which type of visualization shows relationships between discrete values in three dimensions?
● A. Pie chart
● B. Line chart
● C. Bubble chart
● D. Scatter chart

Suggested Answer: D


5) Which of the following statements describes the use of the Field Extractor (FX)?
● A. The Field Extractor automatically extracts all fields at search time.
● B. The Field Extractor uses PERL to extract fields from the raw events.
● C. Fields extracted using the Field Extractor persist as knowledge objects.
● D. Fields extracted using the Field Extractor do not persist and must be defined for each search.

Suggested Answer: C


6) Which workflow action method can be used when the action type is set to link?
● A. GET
● B. PUT
● C. Search
● D. UPDATE

Suggested Answer: A

7) A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode.

Which field name appears in the results?
● A. Both will appear in the All Fields list, but only if the alias is specified in the search.
● B. Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.
● C. The original field only appears in the All Fields list and the alias only appears in the Interesting Fields list.
● D. The alias only appears in the All Fields list and the original field only appears in the Interesting Fields list.

Suggested Answer: B


8) Which of the following statements describes macros?
● A. A macro is a reusable search string that must contain the full search.
● B. A macro is a reusable search string that must have a fixed time range.
● C. A macro is a reusable search string that may have a flexible time range.
● D. A macro is a reusable search string that must contain only a portion of the search.

Suggested Answer: C


9) Which of the following statements describes field aliases?
● A. Field alias names replace the original field name.
● B. Field aliases can be used in lookup file definitions.
● C. Field aliases only normalize data across sources and sourcetypes.
● D. Field alias names are not case sensitive when used as part of a search.

Suggested Answer: B




10)
