Splunk SPLK-1005 Practice Test - Questions Answers, Page 2

Question 11

Which of the following app installation scenarios can be achieved without involving Splunk Support?
A. Deploy premium apps.
B. Install apps via the Request Install button.
C. Install apps via self-service.
D. Install apps that have not gone through the vetting process.
In Splunk Cloud, you can install apps via self-service, which allows you to install certain approved apps without involving Splunk Support. This self-service capability is provided for apps that have already been vetted and approved for use in the Splunk Cloud environment.
Option A typically requires support involvement because premium apps often need licensing or other special considerations.
Option B uses the Request Install button, but some apps might still require vetting or support approval.
Option D is incorrect because apps that have not gone through the vetting process cannot be installed via self-service and would require Splunk Support for evaluation and approval.
Splunk Documentation
Reference: Install apps on Splunk Cloud
Question 12

Which file or folder below is not a required part of a deployment app?
A. app.conf (in default or local)
B. local.meta
C. metadata folder
D. props.conf
When creating a deployment app in Splunk, certain files and folders are considered essential to ensure proper configuration and operation:
app.conf (in default or local): This is required as it defines the app's metadata and behaviors.
local.meta: This file is important for defining access permissions for the app and is often included.
metadata folder: The metadata folder contains files like local.meta and default.meta and is typically required for defining permissions and other metadata-related settings.
props.conf: While props.conf is essential for many Splunk apps, it is not mandatory unless you need to define specific data parsing or transformation rules.
D. props.conf is the correct answer because, although it is commonly used, it is not a mandatory part of every deployment app. An app may not need data parsing configurations, and thus, props.conf might not be present in some apps.
Splunk Documentation
Reference:
Building Splunk Apps
Deployment Apps
This confirms that props.conf is not a required part of a deployment app, making it the correct answer.
Question 13

Which of the following files is used for both search-time and index-time configuration?
A. inputs.conf
B. props.conf
C. macros.conf
D. savesearch.conf
The props.conf file is a crucial configuration file in Splunk that is used for both search-time and index-time configurations.
At index-time, props.conf is used to define how data should be parsed and indexed, such as timestamp recognition, line breaking, and data transformations.
At search-time, props.conf is used to configure how data should be searched and interpreted, such as field extractions, lookups, and sourcetypes.
B. props.conf is the correct answer because it is the only file listed that serves both index-time and search-time purposes.
Splunk Documentation
Reference:
props.conf - configuration for search-time and index-time
Question 14

What Splunk command will allow an administrator to view the runtime configuration instructions for a monitored file in inputs.conf on the forwarders?
A. ./splunk _internal call /services/data/input.3/filemonitor
B. ./splunk show config inputs.conf
C. ./splunk _internal rest /services/data/inputs/monitor
D. ./splunk show config inputs
To view the runtime configuration instructions for a monitored file in inputs.conf on the forwarder, the correct command to use involves accessing the internal REST API that provides details on data inputs.
C. ./splunk _internal rest /services/data/inputs/monitor is the correct answer. This command uses Splunk's internal REST endpoint to retrieve information about monitored files, including their runtime configurations as defined in inputs.conf.
Splunk Documentation
Reference:
Splunk REST API - Data Inputs
Question 15

Which of the following lists all parameters supported by the acceptFrom argument?
A. IPv4, IPv6, CIDRs, DNS names, Wildcards
B. IPv4, IPv6, CIDRs, DNS names
C. CIDRs, DNS names, Wildcards
D. IPv4, CIDRs, DNS names, Wildcards
The acceptFrom parameter is used in Splunk to specify which IP addresses or DNS names are allowed to send data to a Splunk instance. The supported formats include IPv4, IPv6, CIDR notation, and DNS names.
B. IPv4, IPv6, CIDRs, DNS names is the correct answer. These are the valid formats that can be used with the acceptFrom argument. Wildcards are not supported in acceptFrom parameters for security reasons, as they would allow overly broad access.
Splunk Documentation
Reference:
acceptFrom Parameter Usage
Question 16

At what point in the indexing pipeline set is SEDCMD applied to data?
Question 17

When monitoring directories that contain mixed file types, which setting should be omitted from inputs.conf and instead be overridden in props.conf?
Question 18

How are HTTP Event Collector (HEC) tokens configured in a managed Splunk Cloud environment?
Question 19

Which of the following statements regarding apps in Splunk Cloud is true?
Question 20

When using Splunk Universal Forwarders, which of the following is true?