The tag=Priv* search will return events containing a tag named Privileged, as well as any other tag that starts
with Priv. The asterisk (*) is a wildcard character that matches zero or more characters. The other searches
will not match the exact tag name.

Explanation
The correct answer is D. limit=0. This is because the limit argument specifies the maximum number of series to display in the chart. If you set limit=0, no series filtering occurs and all values are returned. You can learn more about the limit argument and how it works with the agg argument from the Splunk documentation1. The other options are incorrect because they are not valid values for the limit argument. The limit argument expects an integer value, not a string or a wildcard. You can learn more about the syntax and usage of the timechart command from the Splunk documentation23.

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Timechart

The transaction command is a Splunk command that finds transactions based on events that meet various constraints .
Transactions are made up of the raw text (the _raw field) of each member, the time and date fields of the earliest member, as well as the union of all other fields of each member .
The transaction command groups events together by matching one or more fields that have the same value across the events . For example, | transaction clientip will group events that have the same value in the clientip field.