SPLK-1005: Splunk Cloud Certified Admin
Splunk
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.
Related questions
A customer has worked with their LDAP administrator to configure an LDAP strategy in Splunk. The configuration works, and user Mia can log into Splunk using her LDAP account. After some time, the Splunk Cloud administrator needs to move Mia from the user role to the power role. How should they accomplish this?
Where can an administrator download the Splunk Cloud Universal Forwarder credentials package?
What two files are used in the data transformation process?
Which of the following statements is true regarding sedcmd?
A log file is being ingested into Splunk, and a few events have no date stamp. How would Splunk first try to determine the missing date of the events?
What is a private app?
A. An app where only a specific role has read and write access.
B. An app that is only viewable by a specific user.
C. An app that is created and used only by a specific organization.
D. An app where only a specific role has read access.
Explanation:
A private app in Splunk is one that is created and used within a specific organization, and is not publicly available in the Splunkbase app store.
C. An app that is created and used only by a specific organization is the correct answer. This type of app is developed internally and used by a particular organization, often tailored to meet specific internal needs. It is not shared with other organizations and remains private within that organization's Splunk environment.
Reference: Splunk Documentation, Private Apps in Splunk
When creating a new index, which of the following is true about archiving expired events?
Which of the following are default Splunk Cloud user roles?
Which of the following is a valid stanza in props.conf?
A. [sourcetype::linux_secure]
B. [host=nyc25]
C. [host::nyc*]
D. [host:nyc*]
Explanation:
In props.conf, valid stanzas can include source types, hosts, and source specifications. The correct syntax uses colons for specific types, such as source types and hosts, but follows a particular format:
A. [sourcetype::linux_secure] is the correct answer. This is a valid stanza format for a source type in props.conf. It indicates that the following configurations apply specifically to the linux_secure source type.
B. [host=nyc25]: Incorrect, the correct format for a host-based stanza uses double colons, not an equal sign.
C. [host::nyc*]: Incorrect, wildcards are not used in this manner within props.conf.
D. [host:nyc*]: Incorrect, the correct format requires double colons for host stanzas.
Reference: Splunk Documentation, props.conf Specification
Due to internal security policies, a Splunk Cloud administrator cannot send data directly to Splunk Cloud from certain data sources. Additional parsing and API-based data sources also need to be sent to Splunk Cloud. What forwarder type should the Splunk Cloud administrator use to satisfy these requirements within their environment?