ExamGecko

Splunk SPLK-1003 Practice Test - Questions Answers, Page 5


Where should apps be located on the deployment server that the clients pull from?

A. $SPLUNK_HOME/etc/apps
B. $SPLUNK_HOME/etc/search
C. $SPLUNK_HOME/etc/master-apps
D. $SPLUNK_HOME/etc/deployment-apps
Suggested answer: D

Explanation:

After an app is downloaded, it resides under $SPLUNK_HOME/etc/apps on the deployment clients.

On the deployment server, however, it resides in the $SPLUNK_HOME/etc/deployment-apps location.

This file has been manually created on a universal forwarder

A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new

Which file is now monitored?

A. /var/log/messages
B. /var/log/maillog
C. /var/log/maillog and /var/log/messages
D. none of the above
Suggested answer: B

In which phase of the index time process does the license metering occur?

A. Input phase
B. Parsing phase
C. Indexing phase
D. Licensing phase
Suggested answer: C

Explanation:

"When ingesting event data, the measured data volume is based on the new raw data that is placed into the indexing pipeline. Because the data is measured at the indexing pipeline, data that is filtered and dropped prior to indexing does not count against the license volume quota."

https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/HowSplunklicensingworks

You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list --debug. What will the output be?

A. A list of all the configurations on-disk that Splunk contains.
B. A verbose list of all configurations as they were when splunkd started.
C. A list of props.conf configurations as they are on-disk along with a file path from which the configuration is located
D. A list of the current running props.conf configurations along with a file path from which the configuration was made
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.1/Troubleshooting/Usebtooltotroubleshootconfigurations

"The btool command simulates the merging process using the on-disk conf files and creates a report showing the merged settings."

"The report does not necessarily represent what's loaded in memory. If a conf file change is made that requires a service restart, the btool report shows the change even though that change isn't active."

When running the command shown below, what is the default path in which deployment server.conf is created?

splunk set deploy-poll deployServer:port

A. SPLUNK_HOME/etc/deployment
B. SPLUNK_HOME/etc/system/local
C. SPLUNK_HOME/etc/system/default
D. SPLUNK_HOME/etc/apps/deployment
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.1.1/Updating/Definedeploymentclasses#Ways_to_define_server_classes

"When you use forwarder management to create a new server class, it saves the server class definition in a copy of serverclass.conf under $SPLUNK_HOME/etc/system/local. If, instead of using forwarder management, you decide to directly edit serverclass.conf, it is recommended that you create the serverclass.conf file in that same directory, $SPLUNK_HOME/etc/system/local."

The priority of layered Splunk configuration files depends on the file's:

A. Owner
B. Weight
C. Context
D. Creation time
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles

"To determine the order of directories for evaluating configuration file precedence, Splunk software considers each file's context. Configuration files operate in either a global context or in the context of the current app and user."

When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?

A. Slash notation
B. Regular expression
C. Irregular expression
D. Wildcard-only expression
Suggested answer: B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Data/Whitelistorblacklistspecificincomingdata#Include_or_exclude_specific_incoming_data

Which of the following statements describes how distributed search works?

A. Forwarders pull data from the search peers.
B. Search heads store a portion of the searchable data.
C. The search head dispatches searches to the search peers.
D. Search results are replicated within the indexer cluster.
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/DistSearch/Configuredistributedsearch

"To activate distributed search, you add search peers, or indexers, to a Splunk Enterprise instance that you designate as a search head. You do this by specifying each search peer manually."

Which feature in Splunk allows Event Breaking, Timestamp extractions, and any advanced configurations found in props.conf to be validated all through the UI?

A. Apps
B. Search
C. Data preview
D. Forwarder inputs
Suggested answer: C

Explanation:

http://www.splunk.com/view/SP-CAAAGPR

Which of the following statements accurately describes using SSL to secure the feed from a forwarder?

A. It does not encrypt the certificate password.
B. SSL automatically compresses the feed by default.
C. It requires that the forwarder be set to compressed=true.
D. It requires that the receiver be set to compression=true.
Suggested answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/AboutsecuringyourSplunkconfigurationwithSSL

Total 185 questions