
Splunk SPLK-1003 Practice Test - Questions Answers, Page 7


Question 61

Which of the following statements describe deployment management? (select all that apply)

A) Requires an Enterprise license
B) Is responsible for sending apps to forwarders.
C) Once used, is the only way to manage forwarders
D) Can automatically restart the host OS running the forwarder.
Suggested answer: A, B

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Admin/Distdeploylicenses#:~:text=License%20requirements,do%20not%20index%20external%20data.

"All Splunk Enterprise instances functioning as management components need access to an Enterprise license. Management components include the deployment server, the indexer cluster manager node, the search head cluster deployer, and the monitoring console."

https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Aboutdeploymentserver

"The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances."

asked 23/09/2024
ABCO TECHNOLOGY
32 questions

Question 62

During search time, which directory of configuration files has the highest precedence?

A) $SPLUNK_HOME/etc/system/local
B) $SPLUNK_HOME/etc/system/default
C) $SPLUNK_HOME/etc/apps/app1/local
D) $SPLUNK_HOME/etc/users/admin/local
Suggested answer: D

Explanation:

Adding further clarity and quoting the same Splunk reference URL from @giubal:

"To keep configuration settings consistent across peer nodes, configuration files are managed from the cluster master, which pushes the files to the slave-app directories on the peer nodes. Files in the slave-app directories have the highest precedence in a cluster peer's configuration. Here is the expanded precedence order for cluster peers:

1. Slave-app local directories -- highest priority
2. System local directory
3. App local directories
4. Slave-app default directories
5. App default directories
6. System default directory -- lowest priority"

asked 23/09/2024
Giulia Alberghi
43 questions

Question 63

Within props.conf, which stanzas are valid for data modification? (select all that apply)

A) Host
B) Server
C) Source
D) Sourcetype
Suggested answer: A, C, D

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec

https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf

"* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts."

asked 23/09/2024
Michel Flipse
41 questions

Question 64

What is the correct order of steps in Duo Multifactor Authentication?

A) 1. Request Login 2. Connect to SAML server 3. Duo MFA 4. Create User session 5. Authentication Granted 6. Log into Splunk
B) 1. Request Login 2. Duo MFA 3. Authentication Granted 4. Connect to SAML server 5. Log into Splunk 6. Create User session
C) 1. Request Login 2. Check authentication / group mapping 3. Authentication Granted 4. Duo MFA 5. Create User session 6. Log into Splunk
D) 1. Request Login 2. Duo MFA 3. Check authentication / group mapping 4. Create User session 5. Authentication Granted 6. Log into Splunk
Suggested answer: C

Explanation:

Using the provided DUO/Splunk reference URL https://duo.com/docs/splunk, scroll down to the Network Diagram section and note the following 6 similar steps:

1 - Splunk connection initiated

2 - Primary authentication

3 - Splunk connection established to Duo Security over TCP port 443

4 - Secondary authentication via Duo Security's service

5 - Splunk receives authentication response

6 - Splunk session logged in.

asked 23/09/2024
Giuseppina Mancinelli
34 questions

Question 65

Where can scripts for scripted inputs reside on the host file system? (select all that apply)

A) $SPLUNK_HOME/bin/scripts
B) $SPLUNK_HOME/etc/apps/bin
C) $SPLUNK_HOME/etc/system/bin
D) $SPLUNK_HOME/etc/apps/<your_app>/bin
Suggested answer: A, C, D

Explanation:

"Where to place the scripts for scripted inputs. The script that you refer to in $SCRIPT can reside in only one of the following places on the host file system:

$SPLUNK_HOME/etc/system/bin
$SPLUNK_HOME/etc/apps/<your_App>/bin
$SPLUNK_HOME/bin/scripts

As a best practice, put your script in the bin/ directory that is nearest to the inputs.conf file that calls your script on the host file system."

asked 23/09/2024
Francesco Mammola
41 questions

Question 66

How does the Monitoring Console monitor forwarders?

A) By pulling internal logs from forwarders.
B) By using the forwarder monitoring add-on
C) With internal logs forwarded by forwarders.
D) With internal logs forwarded by deployment server.
Suggested answer: C

Explanation:

Quoting the following Splunk URL reference

https://docs.splunk.com/Documentation/Splunk/8.2.2/DMC/DMCprerequisites

"Monitoring Console setup prerequisites. Forward internal logs (both $SPLUNK_HOME/var/log/splunk and $SPLUNK_HOME/var/log/introspection) to indexers from all other components. Without this step, many dashboards will lack data."

asked 23/09/2024
Ishan Patel
31 questions

Question 67

What options are available when creating custom roles? (select all that apply)

A) Restrict search terms
B) Whitelist search terms
C) Limit the number of concurrent search jobs
D) Allow or restrict indexes that can be searched.
Suggested answer: A, C, D

Explanation:

https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Admin/ConcurrentLimits

"Set limits for concurrent scheduled searches. You must have the edit_search_concurrency_all and edit_search_concurrency_scheduled capabilities to configure these settings."

asked 23/09/2024
Reydel Tabares Castro
46 questions

Question 68

Which of the following are supported options when configuring optional network inputs?

A) Metadata override, sender filtering options, network input queues (quantum queues)
B) Metadata override, sender filtering options, network input queues (memory/persistent queues)
C) Filename override, sender filtering options, network output queues (memory/persistent queues)
D) Metadata override, receiver filtering options, network input queues (memory/persistent queues)
Suggested answer: B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

asked 23/09/2024
Karen Vivanco
29 questions

Question 69

What is the default character encoding used by Splunk during the input phase?

A) UTF-8
B) UTF-16
C) EBCDIC
D) ISO 8859
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Configurecharactersetencoding

"Configure character set encoding. Splunk software attempts to apply UTF-8 encoding to your sources by default. If a source doesn't use UTF-8 encoding or is a non-ASCII file, Splunk software tries to convert data from the source to UTF-8 encoding unless you specify a character set to use by setting the CHARSET key in the props.conf file."

asked 23/09/2024
Vincent Dsouza
37 questions

Question 70

Which of the following enables compression for universal forwarders in outputs.conf?

A) [image]
B) [image]
C) [image]
D) [image]
Suggested answer: B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Outputsconf

# Compression
#
# This example sends compressed events to the remote indexer.
# NOTE: Compression can be enabled TCP or SSL outputs only.
# The receiver input port should also have compression enabled.

[tcpout]
server = splunkServer.example.com:4433
compressed = true

asked 23/09/2024
safiqueahmed kazi
37 questions
Total 189 questions