Splunk SPLK-1003 Practice Test - Questions Answers, Page 8
Related questions
Question 71

User role inheritance allows what to be inherited from the parent role? (select all that apply)
Explanation:
https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutusersandroles#Role_inheritance
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities
Question 72

Which of the following statements apply to directory inputs? {select all that apply)
Question 73

How would you configure your distsearch conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_setver_group=HOUSTON
A)
B)
C)
D)
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.3/DistSearch/Distributedsearchgroups
Question 74

Which of the following is valid distribute search group?
A)
B)
C)
D)
Question 75

Local user accounts created in Splunk store passwords in which file?
Explanation:
Per the provided reference URL https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Userseedconf "To set the default username and password, place user-seed.conf in $SPLUNK_HOME/etc/system/local. You must restart Splunk to enable configurations. If the $SPLUNK_HOME/etc/passwd file is present, the settings in this file (user-seed.conf) are not used."
Question 76

For single line event sourcetypes. it is most efficient to set SHOULD_linemerge to what value?
Explanation:
https://docs.splunk.com/Documentation/Splunk/latest/Data/Configureeventlinebreaking
Attribute : SHOULD_LINEMERGE = [true|false]
Description : When set to true, the Splunk platform combines several input lines into a single event, with configuration based on the settings described in the next section.
Question 77

Which Splunk component does a search head primarily communicate with?
Question 78

Which layers are involved in Splunk configuration file layering? (select all that apply)
Explanation:
https://docs.splunk.com/Documentation/Splunk/latest/Admin/Wheretofindtheconfigurationfiles
To determine the order of directories for evaluating configuration file precedence, Splunk software considers each file's context. Configuration files operate in either a global context or in the context of the current app and user: Global. Activities like indexing take place in a global context. They are independent of any app or user. For example, configuration files that determine monitoring or indexing behavior occur outside of the app and user context and are global in nature. App/user.
Some activities, like searching, take place in an app or user context. The app and user context is vital to search-time processing, where certain knowledge objects or actions might be valid only for specific users in specific apps.
Question 79

Which of the following are methods for adding inputs in Splunk? (select all that apply)
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Configureyourinputs
Add your data to Splunk Enterprise. With Splunk Enterprise, you can add data using Splunk Web or Splunk Apps. In addition to these methods, you also can use the following methods. -The Splunk
Command Line Interface (CLI) -The inputs.conf configuration file. When you specify your inputs with Splunk Web or the CLI, the details are saved in a configuartion file on Splunk Enterprise indexer and heavy forwarder instances.
Question 80

Which of the following authentication types requires scripting in Splunk?
Explanation:
https://answers.splunk.com/answers/131127/scripted-authentication.html
Scripted Authentication: An option for Splunk Enterprise authentication. You can use an authentication system that you have in place (such as PAM or RADIUS) by configuring authentication.conf to use a script instead of using LDAP or Splunk Enterprise default authentication.
Question