ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1003

Splunk SPLK-1003 Practice Test - Questions Answers, Page 11

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field resulting output: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309 Event: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Which is a valid stanza for a network input?
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
What are the minimum required settings when creating a network input in Splunk?
Consider the following stanza in inputs.conf: What will the value of the source filed be for events generated by this scripts input?
Local user accounts created in Splunk store passwords in which file?
Which Splunk component(s) would break a stream of syslog inputs into individual events? (select all that apply)
Running this search in a distributed environment: On what Splunk component does the eval command get executed?
User role inheritance allows what to be inherited from the parent role? (select all that apply)
Which of the following Splunk components require a separate installation package?

Question 101

Report
Export
Collapse

Which of the following is an appropriate description of a deployment server in a non-cluster environment?

A.
Allows management of local Splunk instances, requires Enterprise license, handles job of sending configurations packaged as apps. can automatically restart remote Splunk instances.
A.
Allows management of local Splunk instances, requires Enterprise license, handles job of sending configurations packaged as apps. can automatically restart remote Splunk instances.
Answers
B.
Allows management of remote Splunk instances, requires Enterprise license, handles job of sending configurations, can automatically restart remote Splunk instances.
B.
Allows management of remote Splunk instances, requires Enterprise license, handles job of sending configurations, can automatically restart remote Splunk instances.
Answers
C.
Allows management of remote Splunk instances, requires no license, handles job of sending configurations, can automatically restart remote Splunk instances.
C.
Allows management of remote Splunk instances, requires no license, handles job of sending configurations, can automatically restart remote Splunk instances.
Answers
D.
Allows management of remote Splunk instances, requires Enterprise license, handles job of sending configurations, can manually restart remote Splunk instances.
D.
Allows management of remote Splunk instances, requires Enterprise license, handles job of sending configurations, can manually restart remote Splunk instances.
Answers
Suggested answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.2.1/Admin/StartSplunk

https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Deploymentserverarchitecture

"A deployment client is a Splunk instance remotely configured by a deployment server".

Question 102

Report
Export
Collapse

Which Splunk forwarder has a built-in license?

A.
Light forwarder
A.
Light forwarder
Answers
B.
Heavy forwarder
B.
Heavy forwarder
Answers
C.
Universal forwarder
C.
Universal forwarder
Answers
D.
Cloud forwarder
D.
Cloud forwarder
Answers
Suggested answer: C

Explanation:

Reference: https://community.splunk.com/t5/Getting-Data-In/Do-we-need-a-license-for-Heavyforwarder/m-p/210451

Question 103

Report
Export
Collapse

What happens when the same username exists in Splunk as well as through LDAP?

A.
Splunk user is automatically deleted from authentication.conf.
A.
Splunk user is automatically deleted from authentication.conf.
Answers
B.
LDAP settings take precedence.
B.
LDAP settings take precedence.
Answers
C.
Splunk settings take precedence.
C.
Splunk settings take precedence.
Answers
D.
LDAP user is automatically deleted from authentication.conf
D.
LDAP user is automatically deleted from authentication.conf
Answers
Suggested answer: C

Explanation:

Reference:

https://docs.splunk.com/Documentation/SplunkCloud/8.2.2105/Security/SetupuserauthenticationwithLDAP

Splunk platform attempts native authentication first. If authentication fails outside of a local account that doesn't exist, there is no attempt to use LDAP to log in. This is adapted from precedence of Splunk authentication schema.

Question 104

Report
Export
Collapse

Consider the following stanza in inputs.conf:

What will the value of the source filed be for events generated by this scripts input?

A.
/opt/splunk/ecc/apps/search/bin/liscer.sh
A.
/opt/splunk/ecc/apps/search/bin/liscer.sh
Answers
B.
unknown
B.
unknown
Answers
C.
liscer
C.
liscer
Answers
D.
liscer.sh
D.
liscer.sh
Answers
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Admin/Inputsconf

-Scroll down to source = <string>

*Default: the input file path

Question 105

Report
Export
Collapse

Which of the following applies only to Splunk index data integrity check?

A.
Lookup table
A.
Lookup table
Answers
B.
Summary Index
B.
Summary Index
Answers
C.
Raw data in the index
C.
Raw data in the index
Answers
D.
Data model acceleration
D.
Data model acceleration
Answers
Suggested answer: C

Question 106

Report
Export
Collapse

Which of the following types of data count against the license daily quota?

A.
Replicated data
A.
Replicated data
Answers
B.
splunkd logs
B.
splunkd logs
Answers
C.
Summary index data
C.
Summary index data
Answers
D.
Windows internal logs
D.
Windows internal logs
Answers
Suggested answer: D

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Admin/Distdeploylicenses#Clustered_deployments_and_licensing_issues

Reference: https://community.splunk.com/t5/Deployment-Architecture/License-usage-in-Indexer-Cluster/m-p/493548

Question 107

Report
Export
Collapse

Which of the following is a valid distributed search group?

A.
[distributedSearch:Paris] default = false servers = server1, server2
A.
[distributedSearch:Paris] default = false servers = server1, server2
Answers
B.
[searchGroup:Paris] default = false servers = server1:8089, server2:8089
B.
[searchGroup:Paris] default = false servers = server1:8089, server2:8089
Answers
C.
[searchGroup:Paris] default = false servers = server1:9997, server2:9997
C.
[searchGroup:Paris] default = false servers = server1:9997, server2:9997
Answers
D.
[distributedSearch:Paris] default = false servers = server1:8089; server2:8089
D.
[distributedSearch:Paris] default = false servers = server1:8089; server2:8089
Answers
Suggested answer: D

Explanation:

https://docs.splunk.com/Documentation/Splunk/9.0.0/DistSearch/Distributedsearchgroups

Question 108

Report
Export
Collapse

Which default Splunk role could be assigned to provide users with the following capabilities?

Create saved searches

Edit shared objects and alerts

Not allowed to create custom roles

A.
admin
A.
admin
Answers
B.
power
B.
power
Answers
C.
user
C.
user
Answers
D.
splunk-system-role
D.
splunk-system-role
Answers
Suggested answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.2.3/Admin/Aboutusersandroles

The power role is a default Splunk role that grants users the ability to create saved searches, edit shared objects and alerts, and access advanced search commands. However, the power role does not allow users to create custom roles, which is a privilege reserved for the admin role. Therefore, option B is the correct answer. Reference: Splunk Enterprise Certified Admin | Splunk, [About configuring role-based user access - Splunk Documentation]

Question 109

Report
Export
Collapse

When Splunk is integrated with LDAP, which attribute can be changed in the Splunk UI for an LDAP user?

A.
Default app
A.
Default app
Answers
B.
LDAP group
B.
LDAP group
Answers
C.
Password
C.
Password
Answers
D.
Username
D.
Username
Answers
Suggested answer: A

Explanation:

When Splunk is integrated with LDAP, most of the user attributes are managed by the LDAP server and cannot be changed in the Splunk UI. However, one exception is the default app attribute, which specifies which app a user sees when they log in to Splunk. This attribute can be changed in the Splunk UI by editing the user settings. Therefore, option A is the correct answer. Reference: Splunk Enterprise Certified Admin | Splunk, [Configure Splunk to use LDAP and map groups - Splunk Documentation]

Question 110

Report
Export
Collapse

Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?

A.
splunk btool server list --debug
A.
splunk btool server list --debug
Answers
B.
splunk list forward-indexer
B.
splunk list forward-indexer
Answers
C.
splunk list forward-server
C.
splunk list forward-server
Answers
D.
splunk btool indexes list --debug
D.
splunk btool indexes list --debug
Answers
Suggested answer: C

Explanation:

Reference: https://community.splunk.com/t5/All-Apps-and-Add-ons/How-do-I-configure-a-Splunk-Forwarder-on-Linux/m-p/72078

The CLI command to view the current forwarder to indexer configuration is splunk list forward-server.

This command displays the hostnames and port numbers of the indexers that the forwarder sends data to. Therefore, option C is the correct answer. Reference: Splunk Enterprise Certified Admin | Splunk, [Use CLI commands to manage your forwarders - Splunk Documentation]

Total 185 questions
Go to page: of 19
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms