Splunk SPLK-1005 - Splunk Cloud Certified Admin Exam
Page: 1 / 12
Total 60 questions
Question #1 (Topic: Exam A)
When monitoring directories that contain mixed file types, which setting should be omitted from inputs.conf and instead be overridden in props.conf?
A. sourcetype
B. host
C. source
D. index
Answer: A
Question #2 (Topic: Exam A)
How are HTTP Event Collector (HEC) tokens configured in a managed Splunk Cloud environment?
A. Any token will be accepted by HEC, the data may just end up in the wrong index.
B. A token is generated when configuring a HEC input, which should be provided to the application developers.
C. Obtain a token from the organization’s application developers and apply it in Settings > Data Inputs > HTTP Event Collector > New Token.
D. Open a support case for each new data input and a token will be provided.
Answer: B
Question #3 (Topic: Exam A)
The following Apache access log is being ingested into Splunk via a monitor input:
How does Splunk determine the time zone for this event?
How does Splunk determine the time zone for this event?
A. The value of the TZ attribute in props.conf for the access_combined sourcetype.
B. The value of the TZ attribute in props.conf for the my.webserver.example host.
C. The time zone of the Heavy/Intermediate Forwarder with the monitor input.
D. The time zone indicator in the raw event data.
Answer: D
Question #4 (Topic: Exam A)
What syntax is required in inputs.conf to ingest data from files or directories?
A. A monitor stanza, sourcetype, and index is required to ingest data.
B. A monitor stanza, sourcetype, index, and host is required to ingest data.
C. A monitor stanza and sourcetype is required to ingest data.
D. Only the monitor stanza is required to ingest data.
Answer: D
Question #5 (Topic: Exam A)
A user has been asked to mask some sensitive data without tampering with the structure of the file /var/log/purchases/transactions.log that has the following format:
2020-01-01 00:01:20 User=bob SuperSecretNumber=123456789012 Operation=purchase
2020-01-01 16:15:32 User=alice SuperSecretNumber=123456789012 Operation=purchase
Which of the stanzas below will achieve this?
2020-01-01 00:01:20 User=bob SuperSecretNumber=123456789012 Operation=purchase
2020-01-01 16:15:32 User=alice SuperSecretNumber=123456789012 Operation=purchase
Which of the stanzas below will achieve this?
A. <img title="image2" src="https://img.itexams.com/splk-1005/image2.png">
B. <img title="image3" src="https://img.itexams.com/splk-1005/image3.png">
C. <img title="image4" src="https://img.itexams.com/splk-1005/image4.png">
D. <img title="image5" src="https://img.itexams.com/splk-1005/image5.png">
Answer: A
