ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1003

Splunk SPLK-1003 Practice Test - Questions Answers, Page 6

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field resulting output: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309 Event: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Which is a valid stanza for a network input?
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
What are the minimum required settings when creating a network input in Splunk?
Consider the following stanza in inputs.conf: What will the value of the source filed be for events generated by this scripts input?
Local user accounts created in Splunk store passwords in which file?
Which Splunk component(s) would break a stream of syslog inputs into individual events? (select all that apply)
Running this search in a distributed environment: On what Splunk component does the eval command get executed?
User role inheritance allows what to be inherited from the parent role? (select all that apply)
Which of the following Splunk components require a separate installation package?

Question 51

Report
Export
Collapse

Which feature of Splunk's role configuration can be used to aggregate multiple roles intended for groups of users?

A.
Linked roles
A.
Linked roles
Answers
B.
Grantable roles
B.
Grantable roles
Answers
C.
Role federation
C.
Role federation
Answers
D.
Role inheritance
D.
Role inheritance
Answers
Suggested answer: D

Explanation:

You can have a role inherit certain properties from one or more existing role

https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Aboutusersandroles

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Aboutusersandroles

Question 52

Report
Export
Collapse

Which of the following is the use case for the deployment server feature of Splunk?

A.
Managing distributed workloads in a Splunk environment.
A.
Managing distributed workloads in a Splunk environment.
Answers
B.
Automating upgrades of Splunk forwarder installations on endpoints.
B.
Automating upgrades of Splunk forwarder installations on endpoints.
Answers
C.
Orchestrating the operations and scale of a containerized Splunk deployment.
C.
Orchestrating the operations and scale of a containerized Splunk deployment.
Answers
D.
Updating configuration and distributing apps to processing components, primarily forwarders.
D.
Updating configuration and distributing apps to processing components, primarily forwarders.
Answers
Suggested answer: D

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Aboutdeploymentserver

"The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances."

Question 53

Report
Export
Collapse

When running a real-time search, search results are pulled from which Splunk component?

A.
Heavy forwarders and search peers
A.
Heavy forwarders and search peers
Answers
B.
Heavy forwarders
B.
Heavy forwarders
Answers
C.
Search heads
C.
Search heads
Answers
D.
Search peers
D.
Search peers
Answers
Suggested answer: D

Explanation:

Using the Splunk reference URL https://docs.splunk.com/Splexicon:Searchpeer

"search peer is a splunk platform instance that responds to search requests from a search head. The term "search peer" is usally synonymous with the indexer role in a distributed search topology.

However, other instance types also have access to indexed data, particularly internal diagnostic data, and thus function as search peers when they respond to search requests for that data."

Question 54

Report
Export
Collapse

Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field resulting output: [22/Oct/2018:15:50:21]

VendorID=1234 Code=B AcctID=xxx5309

Event:

[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

A.
SEDCMD-1acct = s/VendorID=\d{3}(\d{4})/VendorID=xxx/g
A.
SEDCMD-1acct = s/VendorID=\d{3}(\d{4})/VendorID=xxx/g
Answers
B.
SEDCMD-xxxAcct = s/AcctID=\d{3}(\d{4})/AcctID=xxx/g
B.
SEDCMD-xxxAcct = s/AcctID=\d{3}(\d{4})/AcctID=xxx/g
Answers
C.
SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=\1xxx/g
C.
SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=\1xxx/g
Answers
D.
SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=xxx\1/g
D.
SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=xxx\1/g
Answers
Suggested answer: D

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Anonymizedata

Scrolling down to the section titled "Define the sed script in props.conf shows the correct syntax of an example which validates that the number/character /1 immediately preceded the /g

Question 55

Report
Export
Collapse

What is required when adding a native user to Splunk? (select all that apply)

A.
Password
A.
Password
Answers
B.
Username
B.
Username
Answers
C.
Full Name
C.
Full Name
Answers
D.
Default app
D.
Default app
Answers
Suggested answer: A, B

Explanation:

According to the Splunk system admin course PDF, When adding native users, Username and Password ARE REQUIRED

Question 56

Report
Export
Collapse

What are the minimum required settings when creating a network input in Splunk?

A.
Protocol, port number
A.
Protocol, port number
Answers
B.
Protocol, port, location
B.
Protocol, port, location
Answers
C.
Protocol, username, port
C.
Protocol, username, port
Answers
D.
Protocol, IP. port number
D.
Protocol, IP. port number
Answers
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Admin/Inputsconf

[tcp://<remote server>:<port>]

*Configures the input to listen on a specific TCP network port.

*If a <remote server> makes a connection to this instance, the input uses this stanza to configure itself.

*If you do not specify <remote server>, this stanza matches all connections on the specified port.

*Generates events with source set to "tcp:<port>", for example: tcp:514

*If you do not specify a sourcetype, generates events with sourcetype set to "tcp-raw"

Question 57

Report
Export
Collapse

Which Splunk component requires a Forwarder license?

A.
Search head
A.
Search head
Answers
B.
Heavy forwarder
B.
Heavy forwarder
Answers
C.
Heaviest forwarder
C.
Heaviest forwarder
Answers
D.
Universal forwarder
D.
Universal forwarder
Answers
Suggested answer: B

Question 58

Report
Export
Collapse

Which optional configuration setting in inputs .conf allows you to selectively forward the data to specific indexer(s)?

A.
_TCP_ROUTING
A.
_TCP_ROUTING
Answers
B.
_INDEXER_LIST
B.
_INDEXER_LIST
Answers
C.
_INDEXER_GROUP
C.
_INDEXER_GROUP
Answers
D.
_INDEXER ROUTING
D.
_INDEXER ROUTING
Answers
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/7.0.3/Forwarding/Routeandfilterdatad#Perform_selective_indexing_and_forwarding

Specifies a comma-separated list of tcpout group names. Use this setting to selectively forward your data to specific indexers by specifying the tcpout groups that the forwarder should use when forwarding the data. Define the tcpout group names in the outputs.conf file in [tcpout:<tcpout_group_name>] stanzas. The groups present in defaultGroup in [tcpout] stanza in the outputs.conf file.

Question 59

Report
Export
Collapse

To set up a Network input in Splunk, what needs to be specified'?

A.
File path.
A.
File path.
Answers
B.
Username and password
B.
Username and password
Answers
C.
Network protocol and port number.
C.
Network protocol and port number.
Answers
D.
Network protocol and MAC address.
D.
Network protocol and MAC address.
Answers
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/Monitornetworkports

Question 60

Report
Export
Collapse

Which Splunk forwarder type allows parsing of data before forwarding to an indexer?

A.
Universal forwarder
A.
Universal forwarder
Answers
B.
Parsing forwarder
B.
Parsing forwarder
Answers
C.
Heavy forwarder
C.
Heavy forwarder
Answers
D.
Advanced forwarder
D.
Advanced forwarder
Answers
Suggested answer: C
Total 185 questions
Go to page: of 19
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms