
Splunk SPLK-1003 Practice Test - Questions Answers, Page 8

Question 71

User role inheritance allows what to be inherited from the parent role? (select all that apply)

A) Parents
B) Capabilities
C) Index access
D) Search history
Suggested answer: B, C

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutusersandroles#Role_inheritance

https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities

asked 23/09/2024
SCOTTIE EASTER
40 questions

Question 72

Which of the following statements apply to directory inputs? (select all that apply)

A) All discovered text files are consumed.
B) Compressed files are ignored by default.
C) Splunk recursively traverses through the directory structure.
D) When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.
Suggested answer: A, C
asked 23/09/2024
Adetutu Ogunsowo
45 questions

Question 73

How would you configure your distsearch.conf to allow you to run the search below?

sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON

Options A) through D) appear as images on the original page and are not reproduced here.
Suggested answer: C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.3/DistSearch/Distributedsearchgroups

asked 23/09/2024
Selladurai Ravi
42 questions

Question 74

Which of the following is a valid distributed search group?

Options A) through D) appear as images on the original page and are not reproduced here.
Suggested answer: D
asked 23/09/2024
Vusani Nedzungani
50 questions

Question 75

Local user accounts created in Splunk store passwords in which file?

A) $SPLUNK_HOME/etc/passwd
B) $SPLUNK_HOME/etc/authentication
C) $SPLUNK_HOME/etc/users/passwd.conf
D) $SPLUNK_HOME/etc/users/authentication.conf
Suggested answer: A

Explanation:

Per the provided reference URL, https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Userseedconf: "To set the default username and password, place user-seed.conf in $SPLUNK_HOME/etc/system/local. You must restart Splunk to enable configurations. If the $SPLUNK_HOME/etc/passwd file is present, the settings in this file (user-seed.conf) are not used."

asked 23/09/2024
Selladurai Ravi
42 questions

Question 76

For single-line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?

A) True
B) False
C) <regex string>
D) Newline Character
Suggested answer: B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Data/Configureeventlinebreaking

Attribute : SHOULD_LINEMERGE = [true|false]

Description : When set to true, the Splunk platform combines several input lines into a single event, with configuration based on the settings described in the next section.

asked 23/09/2024
Cristian Melo
39 questions

Question 77

Which Splunk component does a search head primarily communicate with?

A) Indexer
B) Forwarder
C) Cluster master
D) Deployment server
Suggested answer: A
asked 23/09/2024
Jesserey Joseph
43 questions

Question 78

Which layers are involved in Splunk configuration file layering? (select all that apply)

A) App context
B) User context
C) Global context
D) Forwarder context
Suggested answer: A, B, C

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Wheretofindtheconfigurationfiles

To determine the order of directories for evaluating configuration file precedence, Splunk software considers each file's context. Configuration files operate in either a global context or in the context of the current app and user:

Global. Activities like indexing take place in a global context. They are independent of any app or user. For example, configuration files that determine monitoring or indexing behavior occur outside of the app and user context and are global in nature.

App/user. Some activities, like searching, take place in an app or user context. The app and user context is vital to search-time processing, where certain knowledge objects or actions might be valid only for specific users in specific apps.

asked 23/09/2024
Jordan Fredriksz
33 questions

Question 79

Which of the following are methods for adding inputs in Splunk? (select all that apply)

A) CLI
B) Splunk Web
C) Editing inputs.conf
D) Editing monitor.conf
Suggested answer: A, B, C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Configureyourinputs

Add your data to Splunk Enterprise. With Splunk Enterprise, you can add data using Splunk Web or Splunk Apps. In addition to these methods, you can also use the following methods:

- The Splunk Command Line Interface (CLI)
- The inputs.conf configuration file

When you specify your inputs with Splunk Web or the CLI, the details are saved in a configuration file on Splunk Enterprise indexer and heavy forwarder instances.

asked 23/09/2024
Fai Malali
30 questions

Question 80

Which of the following authentication types requires scripting in Splunk?

A) ADFS
B) LDAP
C) SAML
D) RADIUS
Suggested answer: D

Explanation:

https://answers.splunk.com/answers/131127/scripted-authentication.html

Scripted Authentication: An option for Splunk Enterprise authentication. You can use an authentication system that you have in place (such as PAM or RADIUS) by configuring authentication.conf to use a script instead of using LDAP or Splunk Enterprise default authentication.

asked 23/09/2024
Amidou Florian TOURE
33 questions
Total 189 questions