Splunk SPLK-1003 - Splunk Enterprise Certified Admin Exam
Total 209 questions
Question #1 (Topic: Single Topic)
Which setting in indexes.conf allows data retention to be controlled by time?
A. maxDaysToKeep
B. moveToFrozenAfter
C. maxDataRetentionTime
D. frozenTimePeriodInSecs
Answer: D
Question #2 (Topic: Single Topic)
The universal forwarder has which capabilities when sending data? (Choose all that apply.)
A. Sending alerts
B. Compressing data
C. Obfuscating/hiding data
D. Indexer acknowledgement
Answer: D
Question #3 (Topic: Single Topic)
In case of a conflict between a whitelist and a blacklist input setting, which one is used?
A. Blacklist
B. Whitelist
C. They cancel each other out.
D. Whichever is entered into the configuration first.
Answer: A
Question #4 (Topic: Single Topic)
In which Splunk configuration is the SEDCMD used?
A. props.conf
B. inputs.conf
C. indexes.conf
D. transforms.conf
Answer: A
Question #5 (Topic: Single Topic)
Which of the following are supported configuration methods to add inputs on a forwarder? (Choose all that apply.)
A. CLI
B. Edit inputs.conf
C. Edit forwarder.conf
D. Forwarder Management
Answer: AB