SPLK-1003 • Timed Practice Test 5
This is a timed practice session. You have 10 minutes to answer 10 questions — approximately 1 minute per question, matching real SPLK-1003 exam pace. Answer every question before time expires.
Exam-pace drill
Allow 1 minute per question. On the real SPLK-1003 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
Refer to the exhibit. A security analyst runs this search to group SSH login events into sessions based on a session_id that is extracted only from 'Accepted publickey' events. However, the resulting transactions contain only the 'Accepted publickey' event and none of the subsequent commands or logouts. What is the most likely cause?
```
index=security sourcetype=linux_secure
| eval session_id=if(like(_raw,"Accepted publickey"), _raw, null())
| transaction session_id maxpause=5m
| table _time, session_id, duration
```