Exam SPLK-1002 topic 1 question 12 discussion

As others have said, A - Correct B - Correct Now for the interesting ones. C - CIM can create reports, which are a type of saved search, which are knowledge objects. Also, yes it is the knowledge manager's role: "you can use the models to generate reports", from the Knowledge Management docs https://docs.splunk.com/Documentation/Splunk/8.2.1/Knowledge/UnderstandandusetheCommonInformationModel - Correct D - Splunk's splexicon for add-on: "A type of app..." and the F2 pdf "The CIM add-on is a search time app..." https://docs.splunk.com/Splexicon:Addon - Correct ABCD is correct

Friends,finally ABC? could you please confirm this answer?

A. CIM is a methodology for normalizing data. The CIM provides a standardized approach to normalizing data into common fields and tags, regardless of the source. B. CIM can correlate data from different sources. By normalizing data into a common format, the CIM allows Splunk to correlate events and fields across various data sources. C. The Knowledge Manager uses the CIM to create knowledge objects. This statement is incorrect. While the CIM provides a foundation for building knowledge objects, the Knowledge Manager's role is not explicitly tied to the CIM. D. CIM is an app that can coexist with other apps on a single Splunk deployment. The CIM is available as a Splunk add-on and can coexist with other apps on the same Splunk deployment.

ABCD is correct according to Udemy course as well.

ABD: pg 267 F2

I think ABC is correct. Yes, CIM add-on is an app that can be downloaded from splunkbase but as for CIM itself, it is a set of data models which you can use during search time

ABCD are correct

what is the correct answer? ABD or just AB

"CIM is an app that can coexist with other apps on a single Splunk deployment" is not correct

A different perspective but it is A, C and D for me A - yes B - no because the CIM is used to normalise, not to correlate C - yes D - yes, according to the Splexicon, an add-on is a type of app therefore D is correct

It doesn't say it needs 3 answer, just A and B are the confirmed right answers.

This is a hard understandable and trick question. In my first read I thought it was ABC but after a while and doing some researches I end up with A and B. Here is my explanation: C - CIM is not a tool to create Knowledge OBjects. Knowledge manager use CIM to have a default start up of Knowledge OBjects. D - Despite Add-on be a TYPE of APP, add-on is not equal to an app. "Unlike an Add-on, App caters towards only a single perspective. It is used only for one common goal and it can be used for a specific thing." https://dev.splunk.com/enterprise/docs/welcome/?_gl=1*1x7ca1c*_ga*MjA0MTE4MDA2OC4xNjQzMDI4MzEx*_gid*OTYwNjk3ODMxLjE2NTEwNjgwMDE.&_ga=2.11612092.960697831.1651068001-2041180068.1643028311#What-is-a-Splunk-app https://dev.splunk.com/enterprise/docs/welcome/?_gl=1*1x7ca1c*_ga*MjA0MTE4MDA2OC4xNjQzMDI4MzEx*_gid*OTYwNjk3ODMxLjE2NTEwNjgwMDE.&_ga=2.11612092.960697831.1651068001-2041180068.1643028311#What-is-a-Splunk-add-on

Agree with Ajames21 - option D is incorrect because CIM is an add-on, not an app. So correct answer is ABC See this discussion on the differences between apps and add-ons: https://www.splunk.com/en_us/blog/tips-and-tricks/what-are-splunk-apps-and-add-ons.html and this page on the CIM add-on: https://splunkbase.splunk.com/app/1621/#/details (App Type is listed as Add-on, bottom right corner of Details tab)

Option D is really confusing, but according to page 268: CIM only helps to ensure – Multiple apps can co-exist on a single Splunk deployment.

Fun2(page 268) What is the Common Information Model (CIM)? • The Splunk Common Information Model provides a methodology to normalize data • Leverage the CIM when creating field extractions, field aliases, event types, and tags to ensure: – Multiple apps can co-exist on a single Splunk deployment – Object permissions can be set to global for the use of multiple apps – Easier and more efficient correlation of data from different sources and source types

ABC is correct A - Duh B - page 268 fundamentals 2 C - reports and dashboards are knowledge objects, https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtocreatereportsanddashboards D - CIM is an addon not an app, obvious trick wording https://docs.splunk.com/Documentation/CIM/4.15.0/User/Overview

A lot of different responses for this question! It seems to be ambiguously worded, i thought ABC was correct