ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1005
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

When creating a new index, which of the following is true about archiving expired events?
Where can an administrator download the Splunk Cloud Universal Forwarder credentials package?
What two files are used in the data transformation process?
How is it possible to test a script from the Splunk perspective before using it within a scripted input?
A customer has worked with their LDAP administrator to configure an LDAP strategy in Splunk. The configuration works, and user Mia can log into Splunk using her LDAP Account. After some time, the Splunk Cloud administrator needs to move Mia from the user role to the power role. How should they accomplish this?
Which of the following are default Splunk Cloud user roles?
Due to internal security policies, a Splunk Cloud administrator cannot send data directly to Splunk Cloud from certain data sources. Additional parsing and API-based data sources also need to be sent to Splunk Cloud. What forwarder type should the Splunk Cloud administrator use to satisfy these requirements within their environment?
Which of the following statements is true regarding sedcmd?
Which of the following is a valid method to test if a forwarder can successfully send data to Splunk Cloud?
What is a private app?

Question 6 - SPLK-1005 discussion

Report
Export

A Splunk Cloud administrator is looking to allow a new group of Splunk users in the marketing department to access the Splunk environment and view a dashboard with relevant data. These users need to access marketing data (stored in the marketing_data index), but shouldn't be able to access other data, such as events related to security or operations.

Which approach would be the best way to accomplish these requirements?

A.

Create a new user with access to the marketing_data index assigned.

Answers
A.

Create a new user with access to the marketing_data index assigned.

B.

Create a new role that inherits the user role and remove the capability to search indexes other than marketing_data.

Answers
B.

Create a new role that inherits the user role and remove the capability to search indexes other than marketing_data.

C.

Create a new role that inherits the admin rote and assign access to the marketing_dat.a index.

Answers
C.

Create a new role that inherits the admin rote and assign access to the marketing_dat.a index.

D.

Create a new role that does not inherit from any other role, turn on the same capabilities as the user role, and assign access to the marketing_data index.

Answers
D.

Create a new role that does not inherit from any other role, turn on the same capabilities as the user role, and assign access to the marketing_data index.

Suggested answer: B

Explanation:

The best approach to meet the requirements of the marketing department is to create a new role that inherits the user role but with restricted access to only the marketing_data index. This setup allows users to perform searches and view dashboards while ensuring they cannot access other indexes such as those containing security or operations data.

Splunk Documentation

Reference: Splunk Role-based Access Control

Show Answer
asked 10/10/2024
Rajesh Maharajan
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms