SPLK-1003 Advanced Searching and Statistics • Timed 20 Questions
This is a timed practice session. You have 20 minutes to answer 20 questions — approximately 1 minute per question, matching real SPLK-1003 exam pace. Answer every question before time expires.
Exam-pace drill
Allow 1 minute per question. On the real SPLK-1003 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A security analyst needs to find all events where the field 'user' has a value that is either 'admin' or 'root', but the search is returning too many results from a noisy source. Which search best filters the events to only include those where the 'user' field exactly matches 'admin' or 'root'?