Splunk SPLK-1005 Practice Test - Questions Answers, Page 7
Question list
List of questions
Related questions
Which of the following is a valid monitor stanza for inputs.conf?
[monitor:///var/log/*.log] index = linux sourcetype = access_combined host = 489307057
[monitor:\\\var\log\httpd-[0-9].log] index = linux sourcetype = access_combined host = 489307057
[monitor:///var/log/httpd-[0-9].log] index = linux sourcetype = access_combined host = 489307057
[monitor:\\\var\log\*.log] index = linux sourcetype = access_combined host = 489307057
What is the default port for sending data via HTTP Event Collector to Splunk Cloud?
443
8088
9997
8000
In Splunk Cloud, which of the following statements regarding REST API is true?
REST API and Splunk HEC are on the same port.
All REST API endpoints are open and available by default.
REST API is not available in Splunk Cloud.
A subset of REST API endpoints are enabled for customers to manage Splunk.
Which configuration shown is used to enable a forwarder as a deployment client of the server 10.1.2.3?
[target-broker:deploymentServer] targetUri = 10.1.2.3:9997
[target-broker:deploymentserver] targetUri = 10.1.2.3:8089
[target-broker:deploymentserver] deploymentserver = 10.1.2.3:9997
[target-broker:deploymentserver] deploymentserver = 10.1.2.3:8089
Which of the following would always require raising a support ticket?
Capacity or configuration changes in Splunk Cloud.
Search does not return expected results in Splunk Cloud.
A user is unable to log into Splunk Cloud.
Data is not indexed in Splunk Cloud.
How is the forwarder configuration app for Splunk Cloud obtained?
Use the wget URL presented when an sc_admin user logs in for the first time.
Download from the email sent to the person listed in the SHIP TO: field when the customer licensed Splunk Cloud.
Download from the Splunk Cloud UI under the Universal Forwarder app.
Download from Splunkbase using splunk.com credentials.
What is the name of the Splunk index that contains the most valuable information for troubleshooting a Splunk issue?
_internal
lastchanceindex
_monitoring
defaultdb
A log file is being ingested into Splunk, and a few events have no date stamp. How would Splunk first try to determine the missing date of the events?
Splunk will take the date of a previous event within the log file.
Splunk will use the current system time of the Indexer for the date.
Splunk will use the date of when the file monitor was created.
Splunk will take the date from the file modification time.
Which of the following are default Splunk Cloud user roles?
must_delete, power, sc_admin
power, user, admin
apps, power, sc_admin
can delete, users, admin
A customer has worked with their LDAP administrator to configure an LDAP strategy in Splunk. The configuration works, and user Mia can log into Splunk using her LDAP Account. After some time, the Splunk Cloud administrator needs to move Mia from the user role to the power role. How should they accomplish this?
Ask the LDAP administrator to move Mia's account to an appropriately mapped LDAP group.
Have Mia log into Splunk, then update her own role in user settings.
Create a role named Power in Splunk, then map Mia's account to that role.
Use the Cloud Monitoring Console app as an administrator to map Mia's account to the power role.
Question