Splunk SPLK-1003 Practice Test - Questions Answers, Page 6
Question 51

Which feature of Splunk's role configuration can be used to aggregate multiple roles intended for groups of users?
Explanation:
You can have a role inherit certain properties from one or more existing roles.
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Aboutusersandroles
Question 52

Which of the following is the use case for the deployment server feature of Splunk?
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Aboutdeploymentserver
"The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances."
Question 53

When running a real-time search, search results are pulled from which Splunk component?
Explanation:
Using the Splunk reference URL https://docs.splunk.com/Splexicon:Searchpeer
"search peer is a Splunk platform instance that responds to search requests from a search head. The term "search peer" is usually synonymous with the indexer role in a distributed search topology.
However, other instance types also have access to indexed data, particularly internal diagnostic data, and thus function as search peers when they respond to search requests for that data."
Question 54

Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field, resulting in the output: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Event:
[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Anonymizedata
The section titled "Define the sed script in props.conf" shows the correct syntax in an example, which confirms that the number/character \1 immediately precedes the /g.
Question 55

What is required when adding a native user to Splunk? (select all that apply)
Explanation:
According to the Splunk system admin course PDF, when adding native users, Username and Password ARE REQUIRED.
Question 56

What are the minimum required settings when creating a network input in Splunk?
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Admin/Inputsconf
[tcp://<remote server>:<port>]
* Configures the input to listen on a specific TCP network port.
* If a <remote server> makes a connection to this instance, the input uses this stanza to configure itself.
* If you do not specify <remote server>, this stanza matches all connections on the specified port.
* Generates events with source set to "tcp:<port>", for example: tcp:514
* If you do not specify a sourcetype, generates events with sourcetype set to "tcp-raw"
Question 57

Which Splunk component requires a Forwarder license?
Question 58

Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?
Explanation:
https://docs.splunk.com/Documentation/Splunk/7.0.3/Forwarding/Routeandfilterdatad#Perform_selective_indexing_and_forwarding
Specifies a comma-separated list of tcpout group names. Use this setting to selectively forward your data to specific indexers by specifying the tcpout groups that the forwarder should use when forwarding the data. Define the tcpout group names in the outputs.conf file in [tcpout:<tcpout_group_name>] stanzas. The groups present in defaultGroup in [tcpout] stanza in the outputs.conf file.
Question 59

To set up a Network input in Splunk, what needs to be specified?
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/Monitornetworkports
Question 60

Which Splunk forwarder type allows parsing of data before forwarding to an indexer?