SPLK-1002 Exam QuestionsBrowse all questions from this exam
Go to Exam

SPLK-1002 Exam - Question 25

Which of the following searches will return events containing a tag named Privileged?

Show Answer
Correct Answer: B

Tags in Splunk are case-sensitive. Therefore, to search for events containing a tag named 'Privileged', we need to ensure that our search term also respects the case sensitivity. Using 'tag=Priv*' will match all tags starting with 'Priv' including 'Privileged'. This makes option B the correct choice.

Discussion

14 comments
Sign in to comment
kbishtOption: B
Sep 2, 2020

B is the correct ans

Racgud
Sep 10, 2020

D is the correct ans "Verify that all privileged activity is returned. tag=privileged Returns privileged user activity data." ref: https://docs.splunk.com/Documentation/PCI/4.1.0/Install/PrivilegedUserActivity please don't comment the wrong answer, check the documentation before you post in the future :)

adamforsythebartlett
Nov 19, 2020

^that's an example for a tag "privileged," not "Privileged"

Bianchi
Aug 3, 2021

"please don't comment the wrong answer, check the documentation before you post in the future :)" that's right Racgud, but take if for yourself since the ans is B!

MxQ3
Jun 24, 2022

lmao! Racgud got pwned hard. B is correct answer Tags are CaSe sentitive and can be used with wildards.

SasnycoN
Nov 18, 2021

Tags are CASE SENSITIVE and can use wildcard. So A: tag=Priv* is the correct anser.

allansidOption: B
Oct 30, 2020

the answer is B, tag are case sensitive. Privileged != privileged

TaksOption: B
Sep 16, 2020

Tricky one but I agree with "kbisht" Correct Answer is B. Tag names are case sensitive and the question is: Which of the following searches will return events containing a tag named Privileged?, Capital letter P..... For example, "Privileged" and "privileged" are two different words because the "P" is uppercase in the first example and lowercase in the second example...See pages 194-196 in Splunk 7.X Fundamentals Part 2 PDF

antukin
Feb 21, 2021

page 193 shows that "Tags are case sensitive" page 196-197 shows that tags can be searched through wildcard (*)

Sandy_1988Option: B
Nov 2, 2020

B should be the answer

exteaOption: B
Jan 2, 2021

B case sensitive

LalithadeviOption: B
Apr 4, 2021

tag names are case sensitive. In this case B is correct ans. Ref Fund2 : 196

geedawgieOption: B
Mar 28, 2022

Definitely B - done in a lab to make sure.

MxQ3
Jun 24, 2022

thank you

HuddaOption: D
Jul 9, 2021

agreed with D. pls confirm friends.

mohanmk95
Apr 21, 2023

Please do refer the this document https://docs.splunk.com/Documentation/PCI/latest/Install/PrivilegedUserActivity

M9201715Option: B
Oct 7, 2021

Definitely B. Tags are case-sensitive

huu_nguyenOption: B
Jan 25, 2022

B is the correct answer because Tag is case-sensitive

NanilaOption: D
Mar 9, 2021

D is the correct answer. Pg 197. The examples are listed

ademide2
Apr 15, 2022

Tags are case sensitive therefore Priv* is correct

ravindraz
Jun 10, 2021

p197 of f2

Hudda
Jul 9, 2021

Friends, the final answer is B or D? Could you please confirm this answer?

Sutanu_97
Aug 23, 2021

B is the right answer due to case sensitivity

Nicker9Option: B
Jul 10, 2022

tags are case sensitive so it must be B