Splunk Enterprise Certified Admin v1.0 (SPLK-1003)

Page:    1 / 8   
Total 122 questions

Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)

  • A. props.conf
  • B. inputs.conf
  • C. rawdata.conf
  • D. transforms.conf


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Data/Configuretimestamprecognition

What conf file needs to be edited to set up distributed search groups?

  • A. props.conf
  • B. search.conf
  • C. distsearch.conf
  • D. distributedsearch.conf


Answer : C

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/DistSearch/Distributedsearchgroups

After configuring a universal forwarder to communicate with an indexer, which index can be checked via the Splunk Web UI for a successful connection?

  • A. index=main
  • B. index=test
  • C. index=summary
  • D. index=_internal


Answer : D

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Validateyourconfiguration

Which of the following are available input methods when adding a file input in Splunk Web? (Choose all that apply.)

  • A. Index once.
  • B. Monitor interval.
  • C. On-demand monitor.
  • D. Continuously monitor.


Answer : D

Which is a valid stanza for a network input?

  • A. [udp://172.16.10.1:9997] connection = dns sourcetype = dns
  • B. [any://172.16.10.1:10001] connection_host = ip sourcetype = web
  • C. [tcp://172.16.10.1:9997] connection_host = web sourcetype = web
  • D. [tcp://172.16.10.1:10001] connection_host = dns sourcetype = dns


Answer : C

Reference:
https://docs.splunk.com/Documentation/SplunkCloud/8.0.2006/Data/Bypassautomaticsourcetypeassignment

Which additional component is required for a search head cluster?

  • A. Deployer
  • B. Cluster Master
  • C. Monitoring Console
  • D. Management Console


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/DistSearch/SHCdeploymentoverview

When are knowledge bundles distributed to search peers?

  • A. After a user logs in.
  • B. When Splunk is restarted.
  • C. When adding a new search peer.
  • D. When a distributed search is initiated.


Answer : D

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/DistSearch/Whatsearchheadssend

Assume a file is being monitored and the data was incorrectly indexed to an exclusive index. The index is cleaned and now the data must be reindexed. What other index must be cleaned to reset the input checkpoint information for that file?

  • A. _audit
  • B. _checkpoint
  • C. _introspection
  • D. _thefishbucket


Answer : A

Reference:
http://docshare02.docshare.tips/files/4773/47733589.pdf

If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component would the fishbucket need to be reset in order to reindex the data?

  • A. Indexer
  • B. Forwarder
  • C. Search head
  • D. Deployment server


Answer : A

Reference:
https://community.splunk.com/t5/Archive/How-to-reindex-data-from-a-forwarder/td-p/93310

How can native authentication be disabled in Splunk?

  • A. Remove the $SPLUNK_HOME/etc/passwd file
  • B. Create an empty $SPLUNK_HOME/etc/passwd file
  • C. Set SPLUNK_AUTHENTICATION=false in splunk-launch.conf
  • D. Set nativeAuthentication=false in authentication.conf


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Secureyouradminaccount

The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require multiple indexers. Following best practices, which types of Splunk component instances are needed?

  • A. Indexers, search head, universal forwarders, license master
  • B. Indexers, search head, deployment server, universal forwarders
  • C. Indexers, search head, deployment server, license master, universal forwarder
  • D. Indexers, search head, deployment server, license master, universal forwarder, heavy forwarder


Answer : B

Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)

  • A. inputs.conf
  • B. monitor.conf
  • C. outputs.conf
  • D. forwarder.conf


Answer : AC

Reference:
https://docs.splunk.com/Documentation/Forwarder/8.0.5/Forwarder/Configuretheuniversalforwarder

On the deployment server, administrators can map clients to server classes using client filters. Which of the following statements is accurate?

  • A. The blacklist takes precedence over the whitelist.
  • B. The whitelist takes precedence over the blacklist.
  • C. Wildcards are not supported in any client filters.
  • D. Machine type filters are applied before the whitelist and blacklist.


Answer : A

Reference:
https://community.splunk.com/t5/Getting-Data-In/Can-I-use-both-the-whitelist-AND-blacklist-for-the-same/td-p/390910

Which configuration file would be used to forward the Splunk internal logs from a search head to the indexer?

  • A. props.conf
  • B. inputs.conf
  • C. outputs.conf
  • D. collections.conf


Answer : C

Reference:
https://community.splunk.com/t5/Getting-Data-In/How-to-configure-search-head-to-forward-internal-data-to-the/td-p/111658

When configuring HTTP Event Collector (HEC) input, how would one ensure the events have been indexed?

  • A. Enable indexer acknowledgment.
  • B. Enable forwarder acknowledgment.
  • C. splunk check-integrity -index <index name>
  • D. index=_internal component=ACK | stats count by host


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Data/AboutHECIDXAck
