Splunk SPLK-1003 Practice Test - Questions Answers, Page 5
Question 41

Where should apps be located on the deployment server that the clients pull from?
Explanation:
After an app is downloaded, it resides under $SPLUNK_HOME/etc/apps on the deployment clients.
On the deployment server, however, it resides in the $SPLUNK_HOME/etc/deployment-apps location.
Question 42

This file has been manually created on a universal forwarder
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new
Which file is now monitored?
Question 43

In which phase of the index time process does the license metering occur?
Explanation:
"When ingesting event data, the measured data volume is based on the new raw data that is placed into the indexing pipeline. Because the data is measured at the indexing pipeline, data that is filtered and dropped prior to indexing does not count against the license volume quota."
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/HowSplunklicensingworks
Question 44

You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list --debug. What will the output be?
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.1/Troubleshooting/Usebtooltotroubleshootconfigurations
"The btool command simulates the merging process using the on-disk conf files and creates a report showing the merged settings."
"The report does not necessarily represent what's loaded in memory. If a conf file change is made that requires a service restart, the btool report shows the change even though that change isn't active."
Question 45

When running the command shown below, what is the default path in which deployment server.conf is created?
splunk set deploy-poll deployServer:port
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.1.1/Updating/Definedeploymentclasses#Ways_to_define_server_classes
"When you use forwarder management to create a new server class, it saves the server class definition in a copy of serverclass.conf under $SPLUNK_HOME/etc/system/local. If, instead of using forwarder management, you decide to directly edit serverclass.conf, it is recommended that you create the serverclass.conf file in that same directory, $SPLUNK_HOME/etc/system/local."
Question 46

The priority of layered Splunk configuration files depends on the file's:
Explanation:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles
"To determine the order of directories for evaluating configuration file precedence, Splunk software considers each file's context. Configuration files operate in either a global context or in the context of the current app and user."
Question 47

When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?
Explanation:
https://docs.splunk.com/Documentation/Splunk/latest/Data/Whitelistorblacklistspecificincomingdata#Include_or_exclude_specific_incoming_data
Question 48

Which of the following statements describes how distributed search works?
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/DistSearch/Configuredistributedsearch
"To activate distributed search, you add search peers, or indexers, to a Splunk Enterprise instance that you designate as a search head. You do this by specifying each search peer manually."
Question 49

Which feature in Splunk allows Event Breaking, Timestamp extractions, and any advanced configurations found in props.conf to be validated all through the UI?
Explanation:
http://www.splunk.com/view/SP-CAAAGPR
Question 50

Which of the following statements accurately describes using SSL to secure the feed from a forwarder?
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/AboutsecuringyourSplunkconfigurationwithSSL