Free Splunk SPLK-1003 Study Guides Exam Questions and Answers
SPLK-1003 Exam Dumps, SPLK-1003 Practice Test Questions
NEW QUESTION 73
What are the minimum required settings when creating a network input in Splunk?
- A. Protocol, port, location
- B. Protocol, port number
- C. Protocol, username, port
- D. Protocol, IP, port number
Answer: B
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Admin/Inputsconf
[tcp://<remote server>:<port>]
* Configures the input to listen on a specific TCP network port.
* If a <remote server> makes a connection to this instance, the input uses this stanza to configure itself.
* If you do not specify <remote server>, this stanza matches all connections on the specified port.
* Generates events with source set to "tcp:<port>", for example: tcp:514
* If you do not specify a sourcetype, generates events with sourcetype set to "tcp-raw"
NEW QUESTION 74
What are the required stanza attributes when configuring transforms.conf to manipulate or remove events?
- A. REGEX, DEST, FORMAT
- B. REGEX, DEST_KEY, FORMATTING
- C. REGEX, DEST_KEY, FORMAT
- D. REGEX, SRC_KEY, FORMAT
Answer: C
Explanation:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Transformsconf
NEW QUESTION 75
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?
- A. Client Class
- B. Forwarder Class
- C. App Class
- D. Server Class
Answer: D
Explanation:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Createdeploymentapps
NEW QUESTION 76
Which setting in indexes.conf allows data retention to be controlled by time?
- A. moveToFrozenAfter
- B. maxDaysToKeep
- C. frozenTimePeriodInSecs
- D. maxDataRetentionTime
Answer: C
NEW QUESTION 77
For single-line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?
- A. False
- B. Newline Character
- C. <regex string>
- D. True
Answer: A
Explanation:
https://docs.splunk.com/Documentation/Splunk/latest/Data/Configureeventlinebreaking
Attribute: SHOULD_LINEMERGE = [true|false]
Description: When set to true, the Splunk platform combines several input lines into a single event, with configuration based on the settings described in the next section.
NEW QUESTION 78
Which default Splunk role could be assigned to provide users with the following capabilities?
Create saved searches
Edit shared objects and alerts
Not allowed to create custom roles
- A. power
- B. splunk-system-role
- C. admin
- D. user
Answer: A
NEW QUESTION 79
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?
- A. Client Class
- B. Forwarder Class
- C. App Class
- D. Server Class
Answer: D
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.6/Updating/Deploymentserverarchitecture
https://docs.splunk.com/Splexicon:Serverclass
NEW QUESTION 80
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
- A. Search head cluster master
- B. Deployment server
- C. Cluster master
- D. Deployer
Answer: B
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Updateconfigurations
First line says it all: "The deployment server distributes deployment apps to clients."
NEW QUESTION 81
Which of the following statements apply to directory inputs? (select all that apply)
- A. All discovered text files are consumed.
- B. Compressed files are ignored by default.
- C. Splunk recursively traverses through the directory structure.
- D. When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.
Answer: D
NEW QUESTION 82
Which of the following must be done to define user permissions when integrating Splunk with LDAP?
- A. Map LDAP to Active Directory
- B. Map Users
- C. Map LDAP Inheritance
- D. Map Groups
Answer: D
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/ConfigureLDAPwithSplunkWeb
NEW QUESTION 83
If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component would the fishbucket need to be reset in order to reindex the data?
- A. Forwarder
- B. Indexer
- C. Search head
- D. Deployment server
Answer: B
Explanation:
Reference: https://community.splunk.com/t5/Archive/How-to-reindex-data-from-a-forwarder/td-p/93310
NEW QUESTION 84
Which setting allows the configuration of Splunk to allow events to span over more than one line?
- A. SHOULD_LINEMERGE = false
- B. BREAK_ONLY_BEFORE_DATE = true
- C. BREAK_ONLY_BEFORE = <REGEX pattern>
- D. SHOULD_LINEMERGE = true
Answer: C
NEW QUESTION 85
How would you configure your distsearch.conf to allow you to run the search below?
sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON
A)
B)
C)
D)
- A. Option C
- B. Option B
- C. Option A
- D. Option D
Answer: D
NEW QUESTION 86
Within props.conf, which stanzas are valid for data modification? (Choose all that apply.)
- A. Host
- B. Server
- C. Source
- D. Sourcetype
Answer: C,D
Explanation:
https://answers.splunk.com/answers/3687/host-stanza-in-props-conf-not-being-honored-for-udp-514-data-sources.html
NEW QUESTION 87
Which of the following are reasons to create separate indexes? (Choose all that apply.)
- A. Different retention times.
- B. Increase number of users.
- C. Restrict user permissions.
- D. File organization.
Answer: A,D
NEW QUESTION 88
Which configuration file would be used to forward the Splunk internal logs from a search head to the indexer?
- A. inputs.conf
- B. outputs.conf
- C. collections.conf
- D. props.conf
Answer: B
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.1.1/DistSearch/Forwardsearchheaddata
Per the provided Splunk reference URL by @hwangho, scroll to section Forward search head data, subsection titled, 2. Configure the search head as a forwarder. "Create an outputs.conf file on the search head that configures the search head for load-balanced forwarding across the set of search peers (indexers)."
NEW QUESTION 89
Which option on the Add Data menu is most useful for testing data ingestion without creating inputs.conf?
- A. Download option
- B. Forward option
- C. Monitor option
- D. Upload option
Answer: C
NEW QUESTION 90
What options are available when creating custom roles? (select all that apply)
- A. Allow or restrict indexes that can be searched.
- B. Limit the number of concurrent search jobs
- C. Restrict search terms
- D. Whitelist search terms
Answer: A,B,C
Explanation:
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Admin/ConcurrentLimits
"Set limits for concurrent scheduled searches. You must have the edit_search_concurrency_all and edit_search_concurrency_scheduled capabilities to configure these settings."
NEW QUESTION 91
In which Splunk configuration is the SEDCMD used?
- A. inputs.conf
- B. props.conf
- C. indexes.conf
- D. transforms.conf
Answer: B
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.0.5/Forwarding/Forwarddatatothird-partysystemsd
NEW QUESTION 92
Where are license files stored?
- A. $SPLUNK_HOME/etc/secure
- B. $SPLUNK_HOME/etc/apps/licenses
- C. $SPLUNK_HOME/etc/system
- D. $SPLUNK_HOME/etc/licenses
Answer: D
NEW QUESTION 93
Which of the following must be done to define user permissions when integrating Splunk with LDAP?
- A. Map LDAP to Active Directory
- B. Map Users
- C. Map LDAP Inheritance
- D. Map Groups
Answer: D
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.1.3/Security/ConfigureLDAPwithSplunkWeb
"You can map either users or groups, but not both. If you are using groups, all users must be members of an appropriate group. Groups inherit capabilities from the highest level role they're a member of." "If your LDAP environment does not have group entries, you can treat each user as its own group."

