ExamGecko
Home / Splunk / SPLK-1003 / List of questions
Ask Question

Splunk SPLK-1003 Practice Test - Questions Answers, Page 8

Add to Whishlist

List of questions

Question 71

Report Export Collapse

User role inheritance allows what to be inherited from the parent role? (select all that apply)

Parents
Parents
Capabilities
Capabilities
Index access
Index access
Search history
Search history
Suggested answer: B, C
Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutusersandroles#Role_inheritance

https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities

asked 23/09/2024
SCOTTIE EASTER
47 questions

Question 72

Report Export Collapse

Which of the following statements apply to directory inputs? {select all that apply)

All discovered text files are consumed.
All discovered text files are consumed.
Compressed files are ignored by default
Compressed files are ignored by default
Splunk recursively traverses through the directory structure.
Splunk recursively traverses through the directory structure.
When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.
When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.
Suggested answer: A, C
asked 23/09/2024
Adetutu Ogunsowo
49 questions

Question 73

Report Export Collapse

How would you configure your distsearch conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_setver_group=HOUSTON

A)

Splunk SPLK-1003 image Question 73 75381 09232024004541000000

B)

Splunk SPLK-1003 image Question 73 75381 09232024004541000000

C)

Splunk SPLK-1003 image Question 73 75381 09232024004541000000

D)

Splunk SPLK-1003 image Question 73 75381 09232024004541000000

option A
option A
Option B
Option B
Option C
Option C
Option D
Option D
Suggested answer: C
Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.3/DistSearch/Distributedsearchgroups

asked 23/09/2024
Selladurai Ravi
49 questions

Question 74

Report Export Collapse

Which of the following is valid distribute search group?

A)

Splunk SPLK-1003 image Question 74 75382 09232024004541000000

B)

Splunk SPLK-1003 image Question 74 75382 09232024004541000000

C)

Splunk SPLK-1003 image Question 74 75382 09232024004541000000

D)

Splunk SPLK-1003 image Question 74 75382 09232024004541000000

option A
option A
Option B
Option B
Option C
Option C
Option D
Option D
Suggested answer: D
asked 23/09/2024
Vusani Nedzungani
56 questions

Question 75

Report Export Collapse

Local user accounts created in Splunk store passwords in which file?

$ SFLUNK_HOME/etc/passwd
$ SFLUNK_HOME/etc/passwd
$ SFLUNK_HOME/etc/authentication
$ SFLUNK_HOME/etc/authentication
$ S?LUNK_HOME/etc/users/passwd.conf
$ S?LUNK_HOME/etc/users/passwd.conf
$ SPLUNK HOME/etc/users/authentication.conf
$ SPLUNK HOME/etc/users/authentication.conf
Suggested answer: A
Explanation:

Per the provided reference URL https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Userseedconf "To set the default username and password, place user-seed.conf in $SPLUNK_HOME/etc/system/local. You must restart Splunk to enable configurations. If the $SPLUNK_HOME/etc/passwd file is present, the settings in this file (user-seed.conf) are not used."

asked 23/09/2024
Selladurai Ravi
49 questions

Question 76

Report Export Collapse

For single line event sourcetypes. it is most efficient to set SHOULD_linemerge to what value?

True
True
False
False
<regex string>
<regex string>
Newline Character
Newline Character
Suggested answer: B
Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Data/Configureeventlinebreaking

Attribute : SHOULD_LINEMERGE = [true|false]

Description : When set to true, the Splunk platform combines several input lines into a single event, with configuration based on the settings described in the next section.

asked 23/09/2024
Cristian Melo
41 questions

Question 77

Report Export Collapse

Which Splunk component does a search head primarily communicate with?

Indexer
Indexer
Forwarder
Forwarder
Cluster master
Cluster master
Deployment server
Deployment server
Suggested answer: A
asked 23/09/2024
Jesserey Joseph
44 questions

Question 78

Report Export Collapse

Which layers are involved in Splunk configuration file layering? (select all that apply)

App context
App context
User context
User context
Global context
Global context
Forwarder context
Forwarder context
Suggested answer: A, B, C
Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Wheretofindtheconfigurationfiles

To determine the order of directories for evaluating configuration file precedence, Splunk software considers each file's context. Configuration files operate in either a global context or in the context of the current app and user: Global. Activities like indexing take place in a global context. They are independent of any app or user. For example, configuration files that determine monitoring or indexing behavior occur outside of the app and user context and are global in nature. App/user.

Some activities, like searching, take place in an app or user context. The app and user context is vital to search-time processing, where certain knowledge objects or actions might be valid only for specific users in specific apps.

asked 23/09/2024
Jordan Fredriksz
38 questions

Question 79

Report Export Collapse

Which of the following are methods for adding inputs in Splunk? (select all that apply)

CLI
CLI
Splunk Web
Splunk Web
Editing inputs. conf
Editing inputs. conf
Editing monitor. conf
Editing monitor. conf
Suggested answer: A, B, C
Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Configureyourinputs

Add your data to Splunk Enterprise. With Splunk Enterprise, you can add data using Splunk Web or Splunk Apps. In addition to these methods, you also can use the following methods. -The Splunk

Command Line Interface (CLI) -The inputs.conf configuration file. When you specify your inputs with Splunk Web or the CLI, the details are saved in a configuartion file on Splunk Enterprise indexer and heavy forwarder instances.

asked 23/09/2024
Fai Malali
41 questions

Question 80

Report Export Collapse

Which of the following authentication types requires scripting in Splunk?

ADFS
ADFS
LDAP
LDAP
SAML
SAML
RADIUS
RADIUS
Suggested answer: D
Explanation:

https://answers.splunk.com/answers/131127/scripted-authentication.html

Scripted Authentication: An option for Splunk Enterprise authentication. You can use an authentication system that you have in place (such as PAM or RADIUS) by configuring authentication.conf to use a script instead of using LDAP or Splunk Enterprise default authentication.

asked 23/09/2024
Amidou Florian TOURE
36 questions
Total 189 questions
Go to page: of 19