- (Exam Topic 2)
Which of the following statements describes POST workflow actions?

1. A. Configuration of a POST workflow action includes choosing a sourcetype.
2. B. POST workflow actions can be configured to send email to the URI location.
3. C. By default, POST workflow action are shown in both the event and field menus.
4. D. POST workflow actions can be configured to send POST arguments to the URI location.

Correct Answer: D
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/SetupaPOSTworkflowaction

- (Exam Topic 1)
Which of the following describes the Splunk Common Information Model (CIM) add-on?

1. A. The CIM add-on uses machine learning to normalize data.
2. B. The CIM add-on contains dashboards that show how to map data.
3. C. The CIM add-on contains data models to help you normalize data.
4. D. The CIM add-on is automatically installed in a Splunk environment.

Correct Answer: C
The Splunk Common Information Model (CIM) add-on is a Splunk app that contains data models to help you normalize data from different sources and formats. The CIM add-on defines a common and consistent way of naming and categorizing fields and events in Splunk. This makes it easier to correlate and analyze data across different domains, such as network, security, web, etc. The CIM add-on does not use machine learning to normalize data, but rather relies on predefined field names and values. The CIM add-on does not contain dashboards that show how to map data, but rather provides documentation and examples on how to use the data models. The CIM add-on is not automatically installed in a Splunk environment, but rather needs to be downloaded and installed from Splunkbase.

- (Exam Topic 2)
This is what Splunk uses to categorize the data that is being indexed.

1. A. sourcetype
2. B. index
3. C. source
4. D. host

Correct Answer: A

- (Exam Topic 2)
When a search returns _______, you can view the results as a list.

1. A. a list of events
2. B. transactions
3. C. statistical values

Correct Answer: C

- (Exam Topic 1)
When creating a Search workflow action, which field is required?

1. A. Search string
2. B. Data model name
3. C. Permission setting
4. D. An eval statement

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Setupasearchworkflowaction A workflow action is a link that appears when you click an event field value in your search results2. A
workflow action can open a web page or run another search based on the field value2. There are two types of workflow actions: GET and POST2. A GET workflow action appends the field value to the end of a URI and opens it in a web browser2. A POST workflow action sends the field value as part of an HTTP request to a web server2. When creating a Search workflow action, which is a type of GET workflow action that runs another search based on the field value, the only required field is the search string2. The search string defines the search that will be run when the workflow action is clicked2. Therefore, option A is correct, while options B, C and D are incorrect because they are not required fields for creating a Search workflow action.