
Splunk SPLK-1003 Practice Test - Questions Answers, Page 7

Which of the following statements describe deployment management? (select all that apply)

A. Requires an Enterprise license
B. Is responsible for sending apps to forwarders.
C. Once used, is the only way to manage forwarders
D. Can automatically restart the host OS running the forwarder.
Suggested answer: A, B

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Admin/Distdeploylicenses#:~:text=License%20requirements,do%20not%20index%20external%20data.

"All Splunk Enterprise instances functioning as management components need access to an Enterprise license. Management components include the deployment server, the indexer cluster manager node, the search head cluster deployer, and the monitoring console."

https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Aboutdeploymentserver

"The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances."

During search time, which directory of configuration files has the highest precedence?

A. $SPLUNK_HOME/etc/system/local
B. $SPLUNK_HOME/etc/system/default
C. $SPLUNK_HOME/etc/apps/app1/local
D. $SPLUNK_HOME/etc/users/admin/local
Suggested answer: D

Explanation:

Adding further clarity and quoting the same Splunk reference URL from @giubal:

"To keep configuration settings consistent across peer nodes, configuration files are managed from the cluster master, which pushes the files to the slave-app directories on the peer nodes. Files in the slave-app directories have the highest precedence in a cluster peer's configuration. Here is the expanded precedence order for cluster peers:

1. Slave-app local directories -- highest priority
2. System local directory
3. App local directories
4. Slave-app default directories
5. App default directories
6. System default directory -- lowest priority"

Within props.conf, which stanzas are valid for data modification? (select all that apply)

A. Host
B. Server
C. Source
D. Sourcetype
Suggested answer: A, C, D

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec

https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf

"* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts."

What is the correct order of steps in Duo Multifactor Authentication?

A. 1. Request Login 2. Connect to SAML server 3. Duo MFA 4. Create User session 5. Authentication Granted 6. Log into Splunk
B. 1. Request Login 2. Duo MFA 3. Authentication Granted 4. Connect to SAML server 5. Log into Splunk 6. Create User session
C. 1. Request Login 2. Check authentication / group mapping 3. Authentication Granted 4. Duo MFA 5. Create User session 6. Log into Splunk
D. 1. Request Login 2. Duo MFA 3. Check authentication / group mapping 4. Create User session 5. Authentication Granted 6. Log into Splunk
Suggested answer: C

Explanation:

Using the provided Duo/Splunk reference URL https://duo.com/docs/splunk, scroll down to the Network Diagram section and note the following 6 similar steps:

1 - Splunk connection initiated

2 - Primary authentication

3 - Splunk connection established to Duo Security over TCP port 443

4 - Secondary authentication via Duo Security's service

5 - Splunk receives authentication response

6 - Splunk session logged in.

Where can scripts for scripted inputs reside on the host file system? (select all that apply)

A. $SPLUNK_HOME/bin/scripts
B. $SPLUNK_HOME/etc/apps/bin
C. $SPLUNK_HOME/etc/system/bin
D. $SPLUNK_HOME/etc/apps/<your_app>/bin
Suggested answer: A, C, D

Explanation:

"Where to place the scripts for scripted inputs. The script that you refer to in $SCRIPT can reside in only one of the following places on the host file system:

$SPLUNK_HOME/etc/system/bin
$SPLUNK_HOME/etc/apps/<your_App>/bin
$SPLUNK_HOME/bin/scripts

As a best practice, put your script in the bin/ directory that is nearest to the inputs.conf file that calls your script on the host file system."

How does the Monitoring Console monitor forwarders?

A. By pulling internal logs from forwarders.
B. By using the forwarder monitoring add-on
C. With internal logs forwarded by forwarders.
D. With internal logs forwarded by deployment server.
Suggested answer: C

Explanation:

Quoting the following Splunk URL reference

https://docs.splunk.com/Documentation/Splunk/8.2.2/DMC/DMCprerequisites

"Monitoring Console setup prerequisites. Forward internal logs (both $SPLUNK_HOME/var/log/splunk and $SPLUNK_HOME/var/log/introspection) to indexers from all other components. Without this step, many dashboards will lack data."

What options are available when creating custom roles? (select all that apply)

A. Restrict search terms
B. Whitelist search terms
C. Limit the number of concurrent search jobs
D. Allow or restrict indexes that can be searched.
Suggested answer: A, C, D

Explanation:

https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Admin/ConcurrentLimits

"Set limits for concurrent scheduled searches. You must have the edit_search_concurrency_all and edit_search_concurrency_scheduled capabilities to configure these settings."

Which of the following are supported options when configuring optional network inputs?

A. Metadata override, sender filtering options, network input queues (quantum queues)
B. Metadata override, sender filtering options, network input queues (memory/persistent queues)
C. Filename override, sender filtering options, network output queues (memory/persistent queues)
D. Metadata override, receiver filtering options, network input queues (memory/persistent queues)
Suggested answer: B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports

What is the default character encoding used by Splunk during the input phase?

A. UTF-8
B. UTF-16
C. EBCDIC
D. ISO 8859
Suggested answer: A

Explanation:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Configurecharactersetencoding

"Configure character set encoding. Splunk software attempts to apply UTF-8 encoding to your sources by default. If a source doesn't use UTF-8 encoding or is a non-ASCII file, Splunk software tries to convert data from the source to UTF-8 encoding unless you specify a character set to use by setting the CHARSET key in the props.conf file."

Which of the following enables compression for universal forwarders in outputs.conf?

A. Option A
B. Option B
C. Option C
D. Option D
Suggested answer: B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Outputsconf

# Compression
#
# This example sends compressed events to the remote indexer.
# NOTE: Compression can be enabled TCP or SSL outputs only.
# The receiver input port should also have compression enabled.
[tcpout]
server = splunkServer.example.com:4433
compressed = true

Total 185 questions