SPLK-1003 Advanced Searching and Statistics • Timed 40 Questions
This is a timed practice session. You have 40 minutes to answer 40 questions — approximately 1 minute per question, matching real SPLK-1003 exam pace. Answer every question before time expires.
Exam-pace drill
Allow 1 minute per question. On the real SPLK-1003 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A security analyst needs to find all events where the field 'user' has a value that is either 'admin' or 'root', but the search is returning too many results from a noisy source. Which search best filters the events to only include those where the 'user' field exactly matches 'admin' or 'root'?