
Splunk SPLK-1003 Practice Test - Questions Answers, Page 6


Question 51


Which feature of Splunk's role configuration can be used to aggregate multiple roles intended for groups of users?

A. Linked roles
B. Grantable roles
C. Role federation
D. Role inheritance
Suggested answer: D

Explanation:

You can have a role inherit certain properties from one or more existing roles.

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Aboutusersandroles

asked 23/09/2024
Dean Pillay

Question 52

Which of the following is the use case for the deployment server feature of Splunk?

A. Managing distributed workloads in a Splunk environment.
B. Automating upgrades of Splunk forwarder installations on endpoints.
C. Orchestrating the operations and scale of a containerized Splunk deployment.
D. Updating configuration and distributing apps to processing components, primarily forwarders.
Suggested answer: D

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Aboutdeploymentserver

"The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances."

asked 23/09/2024
Tony Minjarez

Question 53

When running a real-time search, search results are pulled from which Splunk component?

A. Heavy forwarders and search peers
B. Heavy forwarders
C. Search heads
D. Search peers
Suggested answer: D

Explanation:

From the Splunk reference at https://docs.splunk.com/Splexicon:Searchpeer:

"A search peer is a Splunk platform instance that responds to search requests from a search head. The term "search peer" is usually synonymous with the indexer role in a distributed search topology.

However, other instance types also have access to indexed data, particularly internal diagnostic data, and thus function as search peers when they respond to search requests for that data."

asked 23/09/2024
Nader Pouri

Question 54

Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field, resulting in the output:

[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

Event:

[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

A. SEDCMD-1acct = s/VendorID=\d{3}(\d{4})/VendorID=xxx/g
B. SEDCMD-xxxAcct = s/AcctID=\d{3}(\d{4})/AcctID=xxx/g
C. SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=\1xxx/g
D. SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=xxx\1/g
Suggested answer: D

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Anonymizedata

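The section titled "Define the sed script in props.conf" shows an example of the correct syntax, which confirms that the backreference \1 immediately precedes the /g flag. In option D, \d{3} matches the three digits to mask, (\d{4}) captures the remaining four, and the replacement writes xxx followed by \1.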

asked 23/09/2024
souhaib chabchoub

Question 55

What is required when adding a native user to Splunk? (select all that apply)

A. Password
B. Username
C. Full Name
D. Default app
Suggested answer: A, B

Explanation:

According to the Splunk system admin course PDF, when adding native users, Username and Password are required.

asked 23/09/2024
jitendra makwana

Question 56

What are the minimum required settings when creating a network input in Splunk?

A. Protocol, port number
B. Protocol, port, location
C. Protocol, username, port
D. Protocol, IP, port number
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Admin/Inputsconf

[tcp://<remote server>:<port>]
* Configures the input to listen on a specific TCP network port.
* If a <remote server> makes a connection to this instance, the input uses this stanza to configure itself.
* If you do not specify <remote server>, this stanza matches all connections on the specified port.
* Generates events with source set to "tcp:<port>", for example: tcp:514
* If you do not specify a sourcetype, generates events with sourcetype set to "tcp-raw"

asked 23/09/2024
Jarrell John Garcia

Question 57

Which Splunk component requires a Forwarder license?

A. Search head
B. Heavy forwarder
C. Heaviest forwarder
D. Universal forwarder
Suggested answer: B
asked 23/09/2024
Newton Vela

Question 58

Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?

A. _TCP_ROUTING
B. _INDEXER_LIST
C. _INDEXER_GROUP
D. _INDEXER ROUTING
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/7.0.3/Forwarding/Routeandfilterdatad#Perform_selective_indexing_and_forwarding

Specifies a comma-separated list of tcpout group names. Use this setting to selectively forward your data to specific indexers by specifying the tcpout groups that the forwarder should use when forwarding the data. Define the tcpout group names in the outputs.conf file in [tcpout:<tcpout_group_name>] stanzas. Default: the groups present in defaultGroup in the [tcpout] stanza in the outputs.conf file.

asked 23/09/2024
Mpho Ntshontsi

Question 59

To set up a network input in Splunk, what needs to be specified?

A. File path.
B. Username and password
C. Network protocol and port number.
D. Network protocol and MAC address.
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/Monitornetworkports

asked 23/09/2024
Vadym Popov

Question 60

Which Splunk forwarder type allows parsing of data before forwarding to an indexer?

A. Universal forwarder
B. Parsing forwarder
C. Heavy forwarder
D. Advanced forwarder
Suggested answer: C
asked 23/09/2024
Benice dobbins
Total 189 questions