Splunk SPLK-1003 - Splunk Enterprise Certified Admin Exam

Question #1 (Topic: Single Topic)
Which setting in indexes.conf allows data retention to be controlled by time?
A. maxDaysToKeep
B. moveToFrozenAfter
C. maxDataRetentionTime
D. frozenTimePeriodInSecs
Answer: D

Question #2 (Topic: Single Topic)
The universal forwarder has which capabilities when sending data? (Choose all that apply.)
A. Sending alerts
B. Compressing data
C. Obfuscating/hiding data
D. Indexer acknowledgement
Answer: D

Question #3 (Topic: Single Topic)
In case of a conflict between a whitelist and a blacklist input setting, which one is used?
A. Blacklist
B. Whitelist
C. They cancel each other out.
D. Whichever is entered into the configuration first.
Answer: A

Question #4 (Topic: Single Topic)
In which Splunk configuration is the SEDCMD used?
A. props.conf
B. inputs.conf
C. indexes.conf
D. transforms.conf
Answer: A

Question #5 (Topic: Single Topic)
Which of the following are supported configuration methods to add inputs on a forwarder? (Choose all that apply.)
A. CLI
B. Edit inputs.conf
C. Edit forwarder.conf
D. Forwarder Management
Answer: AB

Total 209 questions