ExamGecko

Splunk SPLK-1003 Practice Test - Questions Answers, Page 8


User role inheritance allows what to be inherited from the parent role? (select all that apply)

A. Parents
B. Capabilities
C. Index access
D. Search history
Suggested answer: B, C

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutusersandroles#Role_inheritance

https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities

Which of the following statements apply to directory inputs? (select all that apply)

A. All discovered text files are consumed.
B. Compressed files are ignored by default.
C. Splunk recursively traverses through the directory structure.
D. When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.
Suggested answer: A, C

How would you configure your distsearch.conf to allow you to run the search below?

sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON

A)

B)

C)

D)

A. Option A
B. Option B
C. Option C
D. Option D
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.3/DistSearch/Distributedsearchgroups

Which of the following is a valid distributed search group?

A)

B)

C)

D)

A. Option A
B. Option B
C. Option C
D. Option D
Suggested answer: D

Local user accounts created in Splunk store passwords in which file?

A. $SPLUNK_HOME/etc/passwd
B. $SPLUNK_HOME/etc/authentication
C. $SPLUNK_HOME/etc/users/passwd.conf
D. $SPLUNK_HOME/etc/users/authentication.conf
Suggested answer: A

Explanation:

Per the provided reference URL https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Userseedconf "To set the default username and password, place user-seed.conf in $SPLUNK_HOME/etc/system/local. You must restart Splunk to enable configurations. If the $SPLUNK_HOME/etc/passwd file is present, the settings in this file (user-seed.conf) are not used."

For single-line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?

A. True
B. False
C. <regex string>
D. Newline Character
Suggested answer: B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Data/Configureeventlinebreaking

Attribute : SHOULD_LINEMERGE = [true|false]

Description : When set to true, the Splunk platform combines several input lines into a single event, with configuration based on the settings described in the next section.

Which Splunk component does a search head primarily communicate with?

A. Indexer
B. Forwarder
C. Cluster master
D. Deployment server
Suggested answer: A

Which layers are involved in Splunk configuration file layering? (select all that apply)

A. App context
B. User context
C. Global context
D. Forwarder context
Suggested answer: A, B, C

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Wheretofindtheconfigurationfiles

To determine the order of directories for evaluating configuration file precedence, Splunk software considers each file's context. Configuration files operate in either a global context or in the context of the current app and user:

Global. Activities like indexing take place in a global context. They are independent of any app or user. For example, configuration files that determine monitoring or indexing behavior occur outside of the app and user context and are global in nature.

App/user. Some activities, like searching, take place in an app or user context. The app and user context is vital to search-time processing, where certain knowledge objects or actions might be valid only for specific users in specific apps.

Which of the following are methods for adding inputs in Splunk? (select all that apply)

A. CLI
B. Splunk Web
C. Editing inputs.conf
D. Editing monitor.conf
Suggested answer: A, B, C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Configureyourinputs

Add your data to Splunk Enterprise. With Splunk Enterprise, you can add data using Splunk Web or Splunk Apps. In addition to these methods, you also can use the following methods:

- The Splunk Command Line Interface (CLI)
- The inputs.conf configuration file

When you specify your inputs with Splunk Web or the CLI, the details are saved in a configuration file on Splunk Enterprise indexer and heavy forwarder instances.

Which of the following authentication types requires scripting in Splunk?

A. ADFS
B. LDAP
C. SAML
D. RADIUS
Suggested answer: D

Explanation:

https://answers.splunk.com/answers/131127/scripted-authentication.html

Scripted Authentication: An option for Splunk Enterprise authentication. You can use an authentication system that you have in place (such as PAM or RADIUS) by configuring authentication.conf to use a script instead of using LDAP or Splunk Enterprise default authentication.

Total 185 questions