ExamGecko
Login
Home / Splunk / SPLK-1003 / List of questions
Ask Question

Splunk SPLK-1003 Practice Test - Questions Answers, Page 11

Add to Whishlist

List of questions

Question 101

Report Export Collapse

Which of the following is an appropriate description of a deployment server in a non-cluster environment?

Allows management of local Splunk instances, requires Enterprise license, handles job of sending configurations packaged as apps. can automatically restart remote Splunk instances.
Allows management of local Splunk instances, requires Enterprise license, handles job of sending configurations packaged as apps. can automatically restart remote Splunk instances.
Allows management of remote Splunk instances, requires Enterprise license, handles job of sending configurations, can automatically restart remote Splunk instances.
Allows management of remote Splunk instances, requires Enterprise license, handles job of sending configurations, can automatically restart remote Splunk instances.
Allows management of remote Splunk instances, requires no license, handles job of sending configurations, can automatically restart remote Splunk instances.
Allows management of remote Splunk instances, requires no license, handles job of sending configurations, can automatically restart remote Splunk instances.
Allows management of remote Splunk instances, requires Enterprise license, handles job of sending configurations, can manually restart remote Splunk instances.
Allows management of remote Splunk instances, requires Enterprise license, handles job of sending configurations, can manually restart remote Splunk instances.
Suggested answer: B
Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.2.1/Admin/StartSplunk

https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Deploymentserverarchitecture

"A deployment client is a Splunk instance remotely configured by a deployment server".

asked 23/09/2024
Lucie Loisel
48 questions

Question 102

Report Export Collapse

Which Splunk forwarder has a built-in license?

Light forwarder
Light forwarder
Heavy forwarder
Heavy forwarder
Universal forwarder
Universal forwarder
Cloud forwarder
Cloud forwarder
Suggested answer: C
Explanation:

Reference: https://community.splunk.com/t5/Getting-Data-In/Do-we-need-a-license-for-Heavyforwarder/m-p/210451

asked 23/09/2024
Juan Garrido Soler
38 questions

Question 103

Report Export Collapse

What happens when the same username exists in Splunk as well as through LDAP?

Splunk user is automatically deleted from authentication.conf.
Splunk user is automatically deleted from authentication.conf.
LDAP settings take precedence.
LDAP settings take precedence.
Splunk settings take precedence.
Splunk settings take precedence.
LDAP user is automatically deleted from authentication.conf
LDAP user is automatically deleted from authentication.conf
Suggested answer: C
Explanation:

Reference:

https://docs.splunk.com/Documentation/SplunkCloud/8.2.2105/Security/SetupuserauthenticationwithLDAP

Splunk platform attempts native authentication first. If authentication fails outside of a local account that doesn't exist, there is no attempt to use LDAP to log in. This is adapted from precedence of Splunk authentication schema.

asked 23/09/2024
Guillermo Carrasco
36 questions

Question 104

Report Export Collapse

Consider the following stanza in inputs.conf:

Splunk SPLK-1003 image Question 104 75412 09232024004541000000

What will the value of the source filed be for events generated by this scripts input?

/opt/splunk/ecc/apps/search/bin/liscer.sh
/opt/splunk/ecc/apps/search/bin/liscer.sh
unknown
unknown
liscer
liscer
liscer.sh
liscer.sh
Suggested answer: A
Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Admin/Inputsconf

-Scroll down to source = <string>

*Default: the input file path

asked 23/09/2024
Instel SL
35 questions

Question 105

Report Export Collapse

Which of the following applies only to Splunk index data integrity check?

Lookup table
Lookup table
Summary Index
Summary Index
Raw data in the index
Raw data in the index
Data model acceleration
Data model acceleration
Suggested answer: C
asked 23/09/2024
cristian vargas
45 questions

Question 106

Report Export Collapse

Which of the following types of data count against the license daily quota?

Replicated data
Replicated data
splunkd logs
splunkd logs
Summary index data
Summary index data
Windows internal logs
Windows internal logs
Suggested answer: D
Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/Distdeploylicenses#Clustered_deployments_and_licensing_issues

Reference: https://community.splunk.com/t5/Deployment-Architecture/License-usage-in-Indexer-Cluster/m-p/493548

asked 23/09/2024
Ada Galilea
52 questions

Question 107

Report Export Collapse

Which of the following is a valid distributed search group?

[distributedSearch:Paris] default = false servers = server1, server2
[distributedSearch:Paris] default = false servers = server1, server2
[searchGroup:Paris] default = false servers = server1:8089, server2:8089
[searchGroup:Paris] default = false servers = server1:8089, server2:8089
[searchGroup:Paris] default = false servers = server1:9997, server2:9997
[searchGroup:Paris] default = false servers = server1:9997, server2:9997
[distributedSearch:Paris] default = false servers = server1:8089; server2:8089
[distributedSearch:Paris] default = false servers = server1:8089; server2:8089
Suggested answer: D
Explanation:

https://docs.splunk.com/Documentation/Splunk/9.0.0/DistSearch/Distributedsearchgroups

asked 23/09/2024
Yuri Mitrofanov
49 questions

Question 108

Report Export Collapse

Which default Splunk role could be assigned to provide users with the following capabilities?

Create saved searches

Edit shared objects and alerts

Not allowed to create custom roles

admin
admin
power
power
user
user
splunk-system-role
splunk-system-role
Suggested answer: B
Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.2.3/Admin/Aboutusersandroles

The power role is a default Splunk role that grants users the ability to create saved searches, edit shared objects and alerts, and access advanced search commands. However, the power role does not allow users to create custom roles, which is a privilege reserved for the admin role. Therefore, option B is the correct answer. Reference: Splunk Enterprise Certified Admin | Splunk, [About configuring role-based user access - Splunk Documentation]

asked 23/09/2024
Casie Clements
40 questions

Question 109

Report Export Collapse

When Splunk is integrated with LDAP, which attribute can be changed in the Splunk UI for an LDAP user?

Default app
Default app
LDAP group
LDAP group
Password
Password
Username
Username
Suggested answer: A
Explanation:

When Splunk is integrated with LDAP, most of the user attributes are managed by the LDAP server and cannot be changed in the Splunk UI. However, one exception is the default app attribute, which specifies which app a user sees when they log in to Splunk. This attribute can be changed in the Splunk UI by editing the user settings. Therefore, option A is the correct answer. Reference: Splunk Enterprise Certified Admin | Splunk, [Configure Splunk to use LDAP and map groups - Splunk Documentation]

asked 23/09/2024
David Hartnett
45 questions

Question 110

Report Export Collapse

Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?

splunk btool server list --debug
splunk btool server list --debug
splunk list forward-indexer
splunk list forward-indexer
splunk list forward-server
splunk list forward-server
splunk btool indexes list --debug
splunk btool indexes list --debug
Suggested answer: C
Explanation:

Reference: https://community.splunk.com/t5/All-Apps-and-Add-ons/How-do-I-configure-a-Splunk-Forwarder-on-Linux/m-p/72078

The CLI command to view the current forwarder to indexer configuration is splunk list forward-server.

This command displays the hostnames and port numbers of the indexers that the forwarder sends data to. Therefore, option C is the correct answer. Reference: Splunk Enterprise Certified Admin | Splunk, [Use CLI commands to manage your forwarders - Splunk Documentation]

asked 23/09/2024
Sandesh Somaiah
46 questions
Total 189 questions
Go to page: of 19
Open VPLUS File
Convert VPLUS to PDF

Related questions

In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field resulting output: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309 Event: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Which of the following statements describe deployment management? (select all that apply)
Which is a valid stanza for a network input?
What are the minimum required settings when creating a network input in Splunk?
Consider the following stanza in inputs.conf: What will the value of the source filed be for events generated by this scripts input?
Local user accounts created in Splunk store passwords in which file?
Running this search in a distributed environment: On what Splunk component does the eval command get executed?
Which file will be matched for the following monitor stanza in inputs. conf?
Within props. conf, which stanzas are valid for data modification? (select all that apply)