March Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

SPLK-1003 Splunk Enterprise Certified Admin Questions and Answers

Questions 4

Where can scripts for scripted inputs reside on the host file system? (select all that apply)

Options:

A.

$SFLUNK_HOME/bin/scripts

B.

$SPLUNK_HOME/etc/apps/bin

C.

$SPLUNK_HOME/etc/system/bin

D.

$S?LUNK_HOME/etc/apps//bin_

Buy Now
Questions 5

To set up a Network input in Splunk, what needs to be specified'?

Options:

A.

File path.

B.

Username and password

C.

Network protocol and port number.

D.

Network protocol and MAC address.

Buy Now
Questions 6

What is required when adding a native user to Splunk? (select all that apply)

Options:

A.

Password

B.

Username

C.

Full Name

D.

Default app

Buy Now
Questions 7

What conf file needs to be edited to set up distributed search groups?

Options:

A.

props.conf

B.

search.conf

C.

distsearch.conf

D.

distibutedsearch.conf

Buy Now
Questions 8

Which is a valid stanza for a network input?

Options:

A.

[udp://172.16.10.1:9997]

connection = dns

sourcetype = dns

B.

[any://172.16.10.1:10001]

connection_host = ip

sourcetype = web

C.

[tcp://172.16.10.1:9997]

connection_host = web

sourcetype = web

D.

[tcp://172.16.10.1:10001]

connection_host = dns

sourcetype = dns

Buy Now
Questions 9

What action is required to enable forwarder management in Splunk Web?

Options:

A.

Navigate to Settings > Server Settings > General Settings, and set an App server port.

B.

Navigate to Settings > Forwarding and receiving, and click on Enable Forwarding.

C.

Create a server class and map it to a client inSPLUNK_HOME/etc/system/local/serverclass.conf.

D.

Place an app in theSPLUNK_HOME/etc/deployment-appsdirectory of the deployment server.

Buy Now
Questions 10

When configuring HTTP Event Collector (HEC) input, how would one ensure the events have been indexed?

Options:

A.

Enable indexer acknowledgment.

B.

Enable forwarder acknowledgment.

C.

splunk check-integrity -index

D.

index=_internal component=ACK | stats count by host

Buy Now
Questions 11

Which of the following authentication types requires scripting in Splunk?

Options:

A.

ADFS

B.

LDAP

C.

SAML

D.

RADIUS

Buy Now
Questions 12

A non-clustered Splunk environment has three indexers (A,B,C) and two search heads (X, Y). During a search executed on search head X, indexer A crashes. What is Splunk's response?

Options:

A.

Update the user in Splunk web informing them that the results of their search may be incomplete.

B.

Repeat the search request on indexer B without informing the user.

C.

Update the user in Splunk web that their results may be incomple and that Splunk will try to re-execute the search.

D.

Inform the user in Splunk web that their results may be incomplete and have them attempt the search from search head Y.

Buy Now
Questions 13

After an Enterprise Trial license expires, it will automatically convert to a Free license. How many days is an Enterprise Trial license valid before this conversion occurs?

Options:

A.

90 days

B.

60 days

C.

7 days

D.

14 days

Buy Now
Questions 14

A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?

Options:

A.

followTail = -45d

B.

ignore = 45d

C.

includeNewerThan = -35d

D.

ignoreOlderThan = 45d

Buy Now
Questions 15

Which of the following must be done to define user permissions when integrating Splunk with LDAP?

Options:

A.

Map Users

B.

Map Groups

C.

Map LDAP Inheritance

D.

Map LDAP to Active Directory

Buy Now
Questions 16

An index stores its data in buckets. Which default directories does Splunk use to store buckets? (Choose all that apply.)

Options:

A.

bucketdb

B.

frozendb

C.

colddb

D.

db

Buy Now
Questions 17

How is a remote monitor input distributed to forwarders?

Options:

A.

As an app.

B.

As a forward.conf file.

C.

As a monitor.conf file.

D.

As a forwarder monitor profile.

Buy Now
Questions 18

A Universal Forwarder is collecting two separate sources of data (A,B). Source A is being routed through a Heavy Forwarder and then to an indexer. Source B is being routed directly to the indexer. Both sets of data require the masking of raw text strings before being written to disk. What does the administrator need to do to

ensure that the masking takes place successfully?

Options:

A.

Make sure that props . conf and transforms . conf are both present on the in-dexer and the search head.

B.

For source A, make sure that props . conf is in place on the indexer; and for source B, make sure transforms . conf is present on the Heavy Forwarder.

C.

Make sure that props . conf and transforms . conf are both present on the Universal Forwarder.

D.

Place both props . conf and transforms . conf on the Heavy Forwarder for source A, and place both props . conf and transforms . conf on the indexer for source B.

Buy Now
Questions 19

What event-processing pipelines are used to process data for indexing? (select all that apply)

Options:

A.

fifo pipeline

B.

Indexing pipeline

C.

Parsing pipeline

D.

Typing pipeline

Buy Now
Questions 20

Which of the following statements accurately describes using SSL to secure the feed from a forwarder?

Options:

A.

It does not encrypt the certificate password.

B.

SSL automatically compresses the feed by default.

C.

It requires that the forwarder be set to compressed=true.

D.

It requires that the receiver be set to compression=true.

Buy Now
Questions 21

Which of the following is accurate regarding the input phase?

Options:

A.

Breaks data into events with timestamps.

B.

Applies event-level transformations.

C.

Fine-tunes metadata.

D.

Performs character encoding.

Buy Now
Questions 22

Which of the following types of data count against the license daily quota?

Options:

A.

Replicated data

B.

splunkd logs

C.

Summary index data

D.

Windows internal logs

Buy Now
Questions 23

After how many warnings within a rolling 30-day period will a license violation occur with an enforced

Enterprise license?

Options:

A.

1

B.

3

C.

4

D.

5

Buy Now
Questions 24

What is the default value ofLINE_BREAKER?

Options:

A.

\r\n

B.

([\r\n]+)

C.

\r+\n+

D.

(\r\n+)

Buy Now
Questions 25

Which option accurately describes the purpose of the HTTP Event Collector (HEC)?

Options:

A.

A token-based HTTP input that is secure and scalable and that requires the use of forwarders

B.

A token-based HTTP input that is secure and scalable and that does not require the use of forwarders.

C.

An agent-based HTTP input that is secure and scalable and that does not require the use of forwarders.

D.

A token-based HTTP input that is insecure and non-scalable and that does not require the use of forwarders.

Buy Now
Questions 26

A new forwarder has been installed with a manually createddeploymentclient.conf.

What is the next step to enable the communication between the forwarder and the deployment server?

Options:

A.

Restart Splunk on the deployment server.

B.

Enable the deployment client in Splunk Web under Forwarder Management.

C.

Restart Splunk on the deployment client.

D.

Wait for up to the time set in thephoneHomeIntervalInSecssetting.

Buy Now
Questions 27

Which of the following enables compression for universal forwarders in outputs. conf ?

A)

SPLK-1003 Question 27

B)

SPLK-1003 Question 27

C)

SPLK-1003 Question 27

D)

SPLK-1003 Question 27

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 28

What is a role in Splunk? (select all that apply)

Options:

A.

A classification that determines what capabilities a user has.

B.

A classification that determines if a Splunk server can remotely control another Splunk server.

C.

A classification that determines what functions a Splunk server controls.

D.

A classification that determines what indexes a user can search.

Buy Now
Questions 29

What event-processing pipelines are used to process data for indexing? (select all that apply)

Options:

A.

Typing pipeline

B.

Parsing pipeline

C.

fifo pipeline

D.

Indexing pipeline

Buy Now
Questions 30

Who provides the Application Secret, Integration, and Secret keys, as well as the API Hostname when setting

up Duo for Multi-Factor Authentication in Splunk Enterprise?

Options:

A.

Duo Administrator

B.

LDAP Administrator

C.

SAML Administrator

D.

Trio Administrator

Buy Now
Questions 31

In case of a conflict between a whitelist and a blacklist input setting, which one is used?

Options:

A.

Blacklist

B.

Whitelist

C.

They cancel each other out.

D.

Whichever is entered into the configuration first.

Buy Now
Questions 32

A Universal Forwarder has the following active stanza in inputs . conf:

[monitor: //var/log]

disabled = O

host = 460352847

An event from this input has a timestamp of 10:55. What timezone will Splunk add to the event as part of indexing?

Options:

A.

Universal Coordinated Time.

B.

The timezone of the search head.

C.

The timezone of the indexer that indexed the event.

D.

The timezone of the forwarder.

Buy Now
Questions 33

Which of the following Splunk components require a separate installation package?

Options:

A.

Deployment server

B.

License master

C.

Universal forwarder

D.

Heavy forwarder

Buy Now
Questions 34

On the deployment server, administrators can map clients to server classes using client filters. Which of the

following statements is accurate?

Options:

A.

The blacklist takes precedence over the whitelist.

B.

The whitelist takes precedence over the blacklist.

C.

Wildcards are not supported in any client filters.

D.

Machine type filters are applied before the whitelist and blacklist.

Buy Now
Questions 35

Which pathway represents where a network input in Splunk might be found?

Options:

A.

$SPLUNK HOME/ etc/ apps/ ne two r k/ inputs.conf

B.

$SPLUNK HOME/ etc/ apps/ $appName/ local / inputs.conf

C.

$SPLUNK HOME/ system/ local /udp.conf

D.

$SPLUNK HOME/ var/lib/ splunk/$inputName/homePath/

Buy Now
Questions 36

Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)

Options:

A.

props.conf

B.

inputs.conf

C.

rawdata.conf

D.

transforms.conf

Buy Now
Questions 37

Which artifact is required in the request header when creating an HTTP event?

Options:

A.

ackID

B.

Token

C.

Manifest

D.

Host name

Buy Now
Questions 38

UsingSEDCMDinprops.confallows raw data to be modified. With the given event below, which option will mask the first three digits of theAcctIDfield resulting output:[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

Event:

[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

Options:

A.

SEDCMD-1acct = s/VendorID=\d{3}(\d{4})/VendorID=xxx/g

B.

SEDCMD-xxxAcct = s/AcctID=\d{3}(\d{4})/AcctID=xxx/g

C.

SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=\1xxx/g

D.

SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=xxx\1/g

Buy Now
Questions 39

A Splunk administrator has been tasked with developing a retention strategy to have frequently accessed data sets on SSD storage and to have older, less frequently accessed data on slower NAS storage. They have set a mount point for the NAS. Which parameter do they need to modify to set the path for the older, less frequently accessed data in indexes.conf?

Options:

A.

homepath

B.

thawedPath

C.

summaryHomePath

D.

colddeath

Buy Now
Questions 40

How would you configure your distsearch conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_setver_group=HOUSTON

A)

SPLK-1003 Question 40

B)

SPLK-1003 Question 40

C)

SPLK-1003 Question 40

D)

SPLK-1003 Question 40

Options:

A.

option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 41

The universal forwarder has which capabilities when sending data? (select all that apply)

Options:

A.

Sending alerts

B.

Compressing data

C.

Obfuscating/hiding data

D.

Indexer acknowledgement

Buy Now
Questions 42

Which parent directory contains the configuration files in Splunk?

Options:

A.

SSFLUNK_HOME/etc

B.

SSPLUNK_HOME/var

C.

SSPLUNK_HOME/conf

D.

SSPLUNK_HOME/default

Buy Now
Questions 43

What are the required stanza attributes when configuring the transforms. conf to manipulate or remove events?

Options:

A.

REGEX, DEST. FORMAT

B.

REGEX.SRC_KEY, FORMAT

C.

REGEX, DEST_KEY, FORMAT

D.

REGEX, DEST_KEY FORMATTING

Buy Now
Questions 44

Search heads in a company's European offices need to be able to search data in their New York offices. They also need to restrict access to certain indexers. What should be configured to allow this type of action?

Options:

A.

Indexer clustering

B.

LDAP control

C.

Distributed search

D.

Search head clustering

Buy Now
Questions 45

Which Splunk component consolidates the individual results and prepares reports in a distributed environment?

Options:

A.

Indexers

B.

Forwarder

C.

Search head

D.

Search peers

Buy Now
Questions 46

The Splunk administrator wants to ensure data is distributed evenly amongst the indexers. To do this, he runs

the following search over the last 24 hours:

index=*

What field can the administrator check to see the data distribution?

Options:

A.

host

B.

index

C.

linecount

D.

splunk_server

Buy Now
Questions 47

Immediately after installation, what will a Universal Forwarder do first?

Options:

A.

Automatically detect any indexers in its subnet and begin routing data.

B.

Begin generating internal Splunk logs.

C.

Begin reading local files on its server.

D.

Send an email to the operator that the installation process has completed.

Buy Now
Questions 48

Which Splunk component would one use to perform line breaking prior to indexing?

Options:

A.

Heavy Forwarder

B.

Universal Forwarder

C.

Search head

D.

This can only be done at the indexing layer.

Buy Now
Questions 49

Which optional configuration setting in inputs .conf allows you to selectively forward the data to specific indexer(s)?

Options:

A.

_TCP_ROUTING

B.

_INDEXER_LIST

C.

_INDEXER_GROUP

D.

_INDEXER ROUTING

Buy Now
Questions 50

What is the difference between the two wildcards ... and - for the monitor stanza in inputs, conf?

Options:

A.

... is not supported in monitor stanzas

B.

There is no difference, they are interchangable and match anything beyond directory boundaries.

C.

* matches anything in that specific directory path segment, whereas ... recurses through subdirectories as well.

D.

... matches anything in that specific directory path segment, whereas - recurses through subdirectories as well.

Buy Now
Questions 51

Which Splunk forwarder type allows parsing of data before forwarding to an indexer?

Options:

A.

Universal forwarder

B.

Parsing forwarder

C.

Heavy forwarder

D.

Advanced forwarder

Buy Now
Questions 52

Which option on the Add Data menu is most useful for testing data ingestion without creating inputs.conf?

Options:

A.

Upload option

B.

Forward option

C.

Monitor option

D.

Download option

Buy Now
Questions 53

When using a directory monitor input, specific source types can be selectively overridden using which configuration file?

Options:

A.

sourcetypes . conf

B.

trans forms . conf

C.

outputs . conf

D.

props . conf

Buy Now
Questions 54

A security team needs to ingest a static file for a specific incident. The log file has not been collected previously and future updates to the file must not be indexed.

Which command would meet these needs?

Options:

A.

splunk add one shot / opt/ incident [data .log —index incident

B.

splunk edit monitor /opt/incident/data.* —index incident

C.

splunk add monitor /opt/incident/data.log —index incident

D.

splunk edit oneshot [opt/ incident/data.* —index incident

Buy Now
Exam Code: SPLK-1003
Exam Name: Splunk Enterprise Certified Admin
Last Update: Mar 14, 2024
Questions: 174

PDF + Testing Engine

$75.95  $216.99

Testing Engine

$53.2  $151.99
buy now SPLK-1003 testing engine

PDF (Q&A)

$49  $139.99
buy now SPLK-1003 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 19 Mar 2024