Splunk SPLK-1003 Practice Test - Questions Answers, Page 4

Which of the following apply to how distributed search works? (select all that apply)

A. The search head dispatches searches to the peers
B. The search peers pull the data from the forwarders.
C. Peers run searches in parallel and return their portion of results.
D. The search head consolidates the individual results and prepares reports
Suggested answer: A, C, D

Explanation:

Users log on to the search head and run reports: – The search head dispatches searches to the peers – Peers run searches in parallel and return their portion of results – The search head consolidates the individual results and prepares reports

Which setting in indexes.conf allows data retention to be controlled by time?

A. maxDaysToKeep
B. moveToFrozenAfter
C. maxDataRetentionTime
D. frozenTimePeriodInSecs
Suggested answer: D

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Setaretirementandarchivingpolicy

frozenTimePeriodInSecs is the age, in seconds, that the newest event in a bucket may reach before the bucket is rolled to frozen (deleted, or archived when coldToFrozenDir or coldToFrozenScript is set). Its default is 188697600 seconds (6 years). Size-based retention is a separate setting, maxTotalDataSizeMB; whichever limit is reached first triggers the roll. The other three option names are not indexes.conf settings and would be ignored.
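The retention rule worked through in code, as an added example that is not part of the practice test or of Splunk's own code. It parses a constructed indexes.conf fragment, resolves the effective frozenTimePeriodInSecs for each index (stanza value, then [default], then Splunk's built-in 6-year default), flags retention-looking keys that Splunk does not read (the exam's distractors and an I/l typo), and decides which buckets are due to be frozen. The bucket timestamps and index names are constructed for the example.

```python
"""Time-based retention in indexes.conf, worked through in Python.

Added example (not from the page or from Splunk). Splunk freezes a bucket once
the NEWEST event in it is older than frozenTimePeriodInSecs; 188697600 is the
documented default (6 years). Everything else here is constructed sample data.
"""
import configparser
import re

# Constructed sample: one index with an explicit 90-day policy, one that
# inherits the default, and one carrying the exam's distractor names plus a
# look-alike typo (lowercase L for capital I) that Splunk would silently ignore.
INDEXES_CONF = """
[default]
maxTotalDataSizeMB = 500000

[web]
homePath   = $SPLUNK_DB/web/db
coldPath   = $SPLUNK_DB/web/colddb
thawedPath = $SPLUNK_DB/web/thaweddb
frozenTimePeriodInSecs = 7776000

[audit_archive]
homePath   = $SPLUNK_DB/audit_archive/db
coldPath   = $SPLUNK_DB/audit_archive/colddb
thawedPath = $SPLUNK_DB/audit_archive/thaweddb

[broken]
homePath   = $SPLUNK_DB/broken/db
coldPath   = $SPLUNK_DB/broken/colddb
thawedPath = $SPLUNK_DB/broken/thaweddb
maxDaysToKeep = 30
frozenTimePeriodlnSecs = 2592000
"""

SPLUNK_DEFAULT_FROZEN_SECS = 188_697_600  # Splunk's shipped default: 6 years
SECONDS_PER_DAY = 86_400
# Retention settings Splunk actually reads in indexes.conf.
VALID_RETENTION_KEYS = {"frozenTimePeriodInSecs", "maxTotalDataSizeMB"}


def parse_conf(text):
    """Parse a Splunk .conf fragment (INI-style) into {stanza: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # Splunk keys are case-sensitive; keep them as written
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}


def retention_secs(conf, index):
    """Effective frozenTimePeriodInSecs: index stanza, then [default], then built-in."""
    for stanza in (index, "default"):
        value = conf.get(stanza, {}).get("frozenTimePeriodInSecs")
        if value is not None:
            return int(value)
    return SPLUNK_DEFAULT_FROZEN_SECS


def suspicious_retention_keys(conf, index):
    """Keys that look like retention settings but are not ones Splunk reads.
    They are ignored, so the index silently keeps the 6-year default."""
    pattern = re.compile(r"(frozen|retention|keep|days)", re.IGNORECASE)
    return sorted(k for k in conf.get(index, {})
                  if pattern.search(k) and k not in VALID_RETENTION_KEYS)


def buckets_to_freeze(conf, index, buckets, now):
    """Names of buckets whose newest event is older than the policy allows.
    `buckets` maps bucket name -> epoch of its latest event; `now` is an epoch."""
    limit = retention_secs(conf, index)
    return sorted(name for name, latest in buckets.items() if now - latest > limit)


if __name__ == "__main__":
    conf = parse_conf(INDEXES_CONF)
    now = 1_700_000_000  # constructed "current time"
    sample = {"db_old": now - 100 * SECONDS_PER_DAY,
              "db_new": now - 10 * SECONDS_PER_DAY}
    for idx in ("web", "audit_archive", "broken"):
        print(idx, retention_secs(conf, idx) // SECONDS_PER_DAY, "days;",
              "freeze:", buckets_to_freeze(conf, idx, sample, now),
              "ignored keys:", suspicious_retention_keys(conf, idx))
```

The `broken` stanza is the practical lesson: a misspelt setting does not fail loudly, it just leaves the index on the 6-year default, so a retention check should compare the resolved value against policy rather than trusting that a key was written.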

The universal forwarder has which capabilities when sending data? (select all that apply)

A. Sending alerts
B. Compressing data
C. Obfuscating/hiding data
D. Indexer acknowledgement
Suggested answer: B, D

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.1/Forwarding/Aboutforwardingandreceivingdata

https://docs.splunk.com/Documentation/Forwarder/8.1.1/Forwarder/Configureforwardingwithoutputs.conf

A universal forwarder can compress the stream it sends (compressed = true in outputs.conf) and can request indexer acknowledgement (useACK = true in outputs.conf), so that data is resent if the indexer never confirms receipt. It does not parse events, so it cannot mask or obfuscate data (that needs a heavy forwarder or an indexer), and it does not run searches or alerts.

In case of a conflict between a whitelist and a blacklist input setting, which one is used?

A. Blacklist
B. Whitelist
C. They cancel each other out.
D. Whichever is entered into the configuration first.
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.4/Data/Whitelistorblacklistspecificincomingdata

"It is not necessary to define both an allow list and a deny list in a configuration stanza. The settings are independent. If you do define both filters and a file matches them both, Splunk Enterprise does not index that file, as the blacklist filter overrides the whitelist filter."

Source: https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/Whitelistorblacklistspecificincomingdata
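The precedence rule from the quote, reproduced in code as an added example (not from the practice test or from Splunk). It parses a constructed inputs.conf monitor stanza and applies the two filters the way the documentation describes: both are regular expressions matched against the file path, each is optional, and a blacklist match wins even when the whitelist also matched. The stanza, the regexes and the sample paths are all constructed for the example.

```python
"""whitelist / blacklist precedence for a [monitor://...] input.

Added example (not from the page or from Splunk). Implements the documented
rule: whitelist and blacklist are independent regexes matched against the
path, and a file matching both is NOT indexed because the blacklist overrides.
"""
import configparser
import re

# Constructed stanza: index current and rotated logs under /var/log/app, but
# never compressed copies and never the secrets log, even though it ends in
# ".log" and therefore matches the whitelist too.
INPUTS_CONF = r"""
[monitor:///var/log/app]
index = web
sourcetype = app_log
whitelist = \.log(\.\d+)?$
blacklist = \.gz$|secrets\.log$
"""

SAMPLE_PATHS = [
    "/var/log/app/access.log",       # whitelist hit, no blacklist hit -> indexed
    "/var/log/app/access.log.1",     # rotated copy, still whitelisted -> indexed
    "/var/log/app/access.log.2.gz",  # whitelist miss (and blacklisted) -> skipped
    "/var/log/app/secrets.log",      # matches BOTH -> blacklist wins -> skipped
    "/var/log/app/debug.txt",        # whitelist miss -> skipped
]


def parse_conf(text):
    """Parse a Splunk .conf fragment (INI-style) into {stanza: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep Splunk's case-sensitive keys as written
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}


def monitor_filters(conf, stanza):
    """Compiled (whitelist, blacklist) for a stanza; either may be None."""
    wl = conf[stanza].get("whitelist")
    bl = conf[stanza].get("blacklist")
    return (re.compile(wl) if wl else None, re.compile(bl) if bl else None)


def should_index(path, whitelist, blacklist):
    """Splunk's decision for one path.

    - No whitelist: every file is a candidate; with one, the path must match it.
    - A blacklist match always wins, even when the whitelist also matched.
    """
    if whitelist is not None and not whitelist.search(path):
        return False
    if blacklist is not None and blacklist.search(path):
        return False
    return True


def classify(conf, stanza, paths):
    """Map each path to True (indexed) or False (skipped) under the stanza's filters."""
    wl, bl = monitor_filters(conf, stanza)
    return {p: should_index(p, wl, bl) for p in paths}


if __name__ == "__main__":
    conf = parse_conf(INPUTS_CONF)
    for path, indexed in classify(conf, "monitor:///var/log/app", SAMPLE_PATHS).items():
        print("INDEX " if indexed else "SKIP  ", path)
```

Two things worth noticing when writing these filters for real: they are regexes, not shell globs (a bare `*.log` would not do what people expect), and `re.search` is used because Splunk matches anywhere in the path, so anchor with `$` when the intent is "ends with".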

In which Splunk configuration is the SEDCMD used?

A. props.conf
B. inputs.conf
C. indexes.conf
D. transforms.conf
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Forwarding/Forwarddatatothirdpartysystemsd

"You can specify a SEDCMD configuration in props.conf to address data that contains characters that the third-party server cannot process."

SEDCMD-<class> settings live in a props.conf stanza (keyed by sourcetype, source or host) and take sed-style expressions such as s/regex/replacement/flags. Splunk applies them during parsing, so the stanza must be on the instance that parses the data, an indexer or a heavy forwarder; a universal forwarder does not parse and will ignore it.
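A SEDCMD stanza applied to sample events, as an added example that is not from the practice test or from Splunk's code. It parses a constructed props.conf fragment, interprets each SEDCMD value the way the documented sed syntax reads (s/regex/replacement/flags with the g flag or an occurrence number, and y/chars/chars/ transliteration), and runs them over constructed raw events to mask card numbers and strip a token. The sourcetype name, the regexes and the events are constructed; the example applies the SEDCMD lines in the order they appear in the stanza, which is this example's own choice rather than a documented Splunk guarantee.

```python
"""SEDCMD-<class> from props.conf, interpreted and applied in Python.

Added example (not from the page or from Splunk). The stanza, events and class
names are constructed. Supported forms: s/regex/replacement/[g|N] and y/a/b/.
Splunk itself runs SEDCMD at parse time (indexer or heavy forwarder).
"""
import configparser
import re

PROPS_CONF = r"""
[payments_log]
SEDCMD-mask_pan = s/\b(\d{4})\d{8}(\d{4})\b/\1xxxxxxxx\2/g
SEDCMD-drop_token = s/(token=)[A-Za-z0-9._-]+/\1[REDACTED]/
"""

# Constructed raw events; the card numbers are standard test PANs.
EVENTS = [
    "2024-05-01T10:00:00Z purchase card=4111111111111111 amount=42.00 token=abc.DEF-123",
    "2024-05-01T10:00:01Z refund card=5500000000000004 token=zzz",
]


def parse_conf(text):
    """Parse a Splunk .conf fragment (INI-style) into {stanza: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep SEDCMD-<class> keys exactly as written
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}


def _split_sed(value):
    """Split 's/a/b/flags' on unescaped delimiters -> ('s', ['a', 'b', 'flags'])."""
    cmd, delim = value[0], value[1]
    parts, buf, i = [], [], 2
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            # '\/' is a literal delimiter; any other escape is passed to the regex engine
            buf.append(nxt if nxt == delim else ch + nxt)
            i += 2
            continue
        if ch == delim:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return cmd, parts


def compile_sedcmd(value):
    """Turn one SEDCMD value into a function str -> str."""
    cmd, parts = _split_sed(value.strip())
    if cmd == "s" and len(parts) >= 2:
        pat, repl = re.compile(parts[0]), parts[1]
        flags = parts[2] if len(parts) > 2 else ""
        if "g" in flags:                       # replace every occurrence
            return lambda s: pat.sub(repl, s)
        m = re.search(r"\d+", flags)           # replace only the Nth occurrence (default 1st)
        nth = int(m.group()) if m else 1

        def sub_nth(s):
            seen = 0

            def rep(mo):
                nonlocal seen
                seen += 1
                return mo.expand(repl) if seen == nth else mo.group(0)
            return pat.sub(rep, s)
        return sub_nth
    if cmd == "y" and len(parts) >= 2 and len(parts[0]) == len(parts[1]):
        table = str.maketrans(parts[0], parts[1])  # character-for-character transliteration
        return lambda s: s.translate(table)
    raise ValueError(f"unsupported or malformed SEDCMD: {value!r}")


def apply_sedcmds(conf, stanza, events):
    """Run every SEDCMD-<class> of a stanza over each event, in stanza order."""
    fns = [compile_sedcmd(v) for k, v in conf[stanza].items() if k.startswith("SEDCMD-")]
    out = []
    for ev in events:
        for fn in fns:
            ev = fn(ev)
        out.append(ev)
    return out


if __name__ == "__main__":
    for line in apply_sedcmds(parse_conf(PROPS_CONF), "payments_log", EVENTS):
        print(line)
```

Because the masking happens before indexing, the original PAN never reaches disk; that is the property to verify after deploying such a stanza, by searching the index for the raw pattern rather than trusting that the config loaded.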

Which of the following are supported configuration methods to add inputs on a forwarder? (select all that apply)

A. CLI
B. Edit inputs.conf
C. Edit forwarder.conf
D. Forwarder Management
Suggested answer: A, B, D

Explanation:

https://docs.splunk.com/Documentation/Forwarder/8.2.1/Forwarder/HowtoforwarddatatoSplunkEnterprise

"You can collect data on the universal forwarder using several methods. Define inputs on the universal forwarder with the CLI. You can use the CLI to define inputs on the universal forwarder. After you define the inputs, the universal forwarder collects data based on those definitions as long as it has access to the data that you want to monitor. Define inputs on the universal forwarder with configuration files. If the input you want to configure does not have a CLI argument for it, you can configure inputs with configuration files. Create an inputs.conf file in the directory $SPLUNK_HOME/etc/system/local."

Forwarder Management is the deployment server's web interface: inputs packaged as a deployment app are pushed from there to forwarders that are configured as deployment clients. There is no forwarder.conf file.

Which parent directory contains the configuration files in Splunk?

A. $SPLUNK_HOME/etc
B. $SPLUNK_HOME/var
C. $SPLUNK_HOME/conf
D. $SPLUNK_HOME/default
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Configurationfiledirectories

Section titled "Configuration file directories" states: "A detailed list of settings for each configuration file is provided in the .spec file names for that configuration file. You can find the latest version of the .spec and .example files in the $SPLUNK_HOME/etc/system/README folder of your Splunk Enterprise installation..." Configuration files live under $SPLUNK_HOME/etc (system/default, system/local, apps/<app>/default and apps/<app>/local); $SPLUNK_HOME/var holds indexes, logs and run-time data, not configuration.

Which forwarder type can parse data prior to forwarding?

A. Universal forwarder
B. Heaviest forwarder
C. Hyper forwarder
D. Heavy forwarder
Suggested answer: D

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Typesofforwarders

"A heavy forwarder parses data before forwarding it and can route data based on criteria such as source or type of event."

Which Splunk component consolidates the individual results and prepares reports in a distributed environment?

A. Indexers
B. Forwarder
C. Search head
D. Search peers
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/Howuserscancontroldistributedsearches

"From the user standpoint, specifying and running a distributed search is essentially the same as running any other search. Behind the scenes, the search head distributes the query to its search peers, and consolidates the results when presenting them to the user."

Which Splunk component distributes apps and certain other configuration updates to search head cluster members?

A. Deployer
B. Cluster master
C. Deployment server
D. Search head cluster master

Suggested answer: A

Explanation:

The deployer is the Splunk Enterprise instance that distributes apps and certain other configuration updates to search head cluster members; the question is a near-verbatim restatement of that definition. The deployment server is a different component: as https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Updateconfigurations puts it, "The deployment server distributes deployment apps to clients," where clients are forwarders and other non-clustered instances configured as deployment clients. Splunk does not support using the deployment server to push apps to search head cluster members. The cluster master (now called the cluster manager) coordinates indexer clusters, and "search head cluster master" is not a Splunk component.
