Splunk SPLK-1001 Practice Test - Questions Answers, Page 13
The universal forwarder is recommended for forwarding logs to indexers.
A. False
B. True
Splunk apps are used for the following (Choose three.):
A. Designed to cater to numerous use cases and empower Splunk.
B. We cannot install a Splunk app.
C. Allows multiple workspaces for different use cases/user roles.
D. It is a collection of different Splunk config files like data inputs, UI and Knowledge Objects.
Three basic components of Splunk are (Choose three.):
A. Forwarders
B. Deployment Server
C. Indexer
D. Knowledge Objects
E. Index
F. Search Head
What is Splunk?
A. Splunk is a software platform to search, analyze and visualize machine-generated data.
B. Database management tool.
C. Security Information and Event Management (SIEM).
D. Cloud-based application that helps in analyzing logs.
We should use a heavy forwarder for sending event-based data to indexers.
A. False
B. True
Splunk Enterprise is used as a scalable service in Splunk Cloud.
A. True
B. False
Which component of Splunk lets us write an SPL query to find the required data?
A. Forwarders
B. Indexer
C. Heavy Forwarders
D. Search head
All components are installed and administered in Splunk Enterprise on-premise.
A. True
B. False
Log filtering/parsing can be done from _____________.
A. Index Forwarders (IF)
B. Universal Forwarders (UF)
C. Super Forwarder (SF)
D. Heavy Forwarders (HF)
Which is the default app for Splunk Enterprise?
A. Splunk Enterprise Security Suite
B. Searching and Reporting
C. Reporting and Searching
D. Splunk apps for Security