Exam SPLK-1002 All QuestionsBrowse all questions from this exam
Go to Exam
Question 25

Which of the following searches will return events containing a tag named Privileged?

    Correct Answer: B

    Tags in Splunk are case-sensitive. Therefore, to search for events containing a tag named 'Privileged', we need to ensure that our search term also respects the case sensitivity. Using 'tag=Priv*' will match all tags starting with 'Priv' including 'Privileged'. This makes option B the correct choice.

Discussion
kbishtOption: B

B is the correct ans

Racgud

D is the correct ans "Verify that all privileged activity is returned. tag=privileged Returns privileged user activity data." ref: https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity please don't comment the wrong answer, check the documentation before you post in the future :)

adamforsythebartlett

^that's an example for a tag "privileged," not "Privileged"

Bianchi

"please don't comment the wrong answer, check the documentation before you post in the future :)" that's right Racgud, but take if for yourself since the ans is B!

MxQ3

lmao! Racgud got pwned hard. B is correct answer Tags are CaSe sentitive and can be used with wildards.

SasnycoN

Tags are CASE SENSITIVE and can use wildcard. So A: tag=Priv* is the correct anser.

allansidOption: B

the answer is B, tag are case sensitive. Privileged != privileged

TaksOption: B

Tricky one but I agree with "kbisht" Correct Answer is B. Tag names are case sensitive and the question is: Which of the following searches will return events containing a tag named Privileged?, Capital letter P..... For example, "Privileged" and "privileged" are two different words because the "P" is uppercase in the first example and lowercase in the second example...See pages 194-196 in Splunk 7.X Fundamentals Part 2 PDF

antukin

page 193 shows that "Tags are case sensitive" page 196-197 shows that tags can be searched through wildcard (*)

Sandy_1988Option: B

B should be the answer

geedawgieOption: B

Definitely B - done in a lab to make sure.

MxQ3

thank you

LalithadeviOption: B

tag names are case sensitive. In this case B is correct ans. Ref Fund2 : 196

exteaOption: B

B case sensitive

huu_nguyenOption: B

B is the correct answer because Tag is case-sensitive

M9201715Option: B

Definitely B. Tags are case-sensitive

HuddaOption: D

agreed with D. pls confirm friends.

mohanmk95

Please do refer the this document https://docs.splunk.com/Documentation/PCI/latest/Install/PrivilegedUserActivity

Nicker9Option: B

tags are case sensitive so it must be B

Hudda

Friends, the final answer is B or D? Could you please confirm this answer?

Sutanu_97

B is the right answer due to case sensitivity

ravindraz

p197 of f2

NanilaOption: D

D is the correct answer. Pg 197. The examples are listed

ademide2

Tags are case sensitive therefore Priv* is correct