Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

SPLK-1003 Splunk Enterprise Certified Admin Questions and Answers

Questions 4

How do you remove missing forwarders from the Monitoring Console?

Options:

A.

By restarting Splunk.

B.

By rescanning active forwarders.

C.

By reloading the deployment server.

D.

By rebuilding the forwarder asset table.

Buy Now
Questions 5

On the deployment server, administrators can map clients to server classes using client filters. Which of the

following statements is accurate?

Options:

A.

The blacklist takes precedence over the whitelist.

B.

The whitelist takes precedence over the blacklist.

C.

Wildcards are not supported in any client filters.

D.

Machine type filters are applied before the whitelist and blacklist.

Buy Now
Questions 6

User role inheritance allows what to be inherited from the parent role? (select all that apply)

Options:

A.

Parents

B.

Capabilities

C.

Index access

D.

Search history

Buy Now
Questions 7

When indexing a data source, which fields are considered metadata?

Options:

A.

source, host, time

B.

time, sourcetype, source

C.

host, raw, sourcetype

D.

sourcetype, source, host

Buy Now
Questions 8

What event-processing pipelines are used to process data for indexing? (select all that apply)

Options:

A.

Typing pipeline

B.

Parsing pipeline

C.

fifo pipeline

D.

Indexing pipeline

Buy Now
Questions 9

Which Splunk forwarder has a built-in license?

Options:

A.

Light forwarder

B.

Heavy forwarder

C.

Universal forwarder

D.

Cloud forwarder

Buy Now
Questions 10

A Universal Forwarder has the following active stanza in inputs . conf:

[monitor: //var/log]

disabled = O

host = 460352847

An event from this input has a timestamp of 10:55. What timezone will Splunk add to the event as part of indexing?

Options:

A.

Universal Coordinated Time.

B.

The timezone of the search head.

C.

The timezone of the indexer that indexed the event.

D.

The timezone of the forwarder.

Buy Now
Questions 11

Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as

follows: 123-44-5678.

Which configuration file and stanza pair will mask possible SSNs in the log events?

Options:

A.

props.conf

[mask-SSN]

REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"

FORMAT = $1###-##-$2

KEY = _raw

B.

props.conf

[mask-SSN]

REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"

FORMAT = $1###-##-$2

DEST_KEY = _raw

C.

transforms.conf

[mask-SSN]

REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"

FORMAT = $1###-##-$2

DEST_KEY = _raw

D.

transforms.conf

[mask-SSN]

REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"

FORMAT = $1###-##-$2

DEST_KEY = _raw

Buy Now
Questions 12

What type of data is counted against the Enterprise license at a fixed 150 bytes per event?

Options:

A.

License data

B.

Metricsdata

C.

Internal Splunk data

D.

Internal Windows logs

Buy Now
Questions 13

What happens when the same username exists in Splunk as well as through LDAP?

Options:

A.

Splunk user is automatically deleted from authentication.conf.

B.

LDAP settings take precedence.

C.

Splunk settings take precedence.

D.

LDAP user is automatically deleted from authentication.conf

Buy Now
Questions 14

An add-on has configured field aliases for source IP address and destination IP address fields. A specific user prefers not to have those fields present in their user context. Based on the default props.conf below, which SPLUNK_HOME/etc/users/buttercup/myTA/local/props.conf stanza can be added to the user’s local context to disable the field aliases?

SPLK-1003 Question 14

SPLK-1003 Question 14

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 15

A configuration file in a deployed app needs to be directly edited. Which steps would ensure a successful deployment to clients?

Options:

A.

Make the change in $SPLUNK HOME/etc/dep10yment apps/$appName/10ca1/ on the deployment server, and the change will be automatically sent to the deployment clients.

B.

Make the change in $SPLUNK HOME /etc/apps/$appname/local/ on any of the deployment clients, and then run the command . / splunk reload deploy-server to push that change to the deployment server.

C.

Make the change in $SPLUNK HOME/etc/dep10yment apps/$appName/10ca1/ on the deployment server, and then run $SPLUNK HOME/bin/sp1unk reload deploy—server.

D.

Make the change in $SPLUNK HOME/etc/apps/$appName/defau1t on the deployment server, and it will be distributed down to the clients' own local versions.

Buy Now
Questions 16

Which of the following are methods for adding inputs in Splunk? (select all that apply)

Options:

A.

CLI

B.

Splunk Web

C.

Editing inputs. conf

D.

Editing monitor. conf

Buy Now
Questions 17

Which of the following describes a Splunk deployment server?

Options:

A.

A Splunk Forwarder that deploys data to multiple indexers.

B.

A Splunk app installed on a Splunk Enterprise server.

C.

A Splunk Enterprise server that distributes apps.

D.

A server that automates the deployment of Splunk Enterprise to remote servers.

Buy Now
Questions 18

Which of the following is accurate regarding the input phase?

Options:

A.

Breaks data into events with timestamps.

B.

Applies event-level transformations.

C.

Fine-tunes metadata.

D.

Performs character encoding.

Buy Now
Questions 19

What type of Splunk license is pre-selected in a brand new Splunk installation?

Options:

A.

Free license

B.

Forwarder license

C.

Enterprise trial license

D.

Enterprise license

Buy Now
Questions 20

Which layers are involved in Splunk configuration file layering? (select all that apply)

Options:

A.

App context

B.

User context

C.

Global context

D.

Forwarder context

Buy Now
Questions 21

Load balancing on a Universal Forwarder is not scaling correctly. The forwarder's outputs. and the tcpout stanza are setup correctly. What else could be the cause of this scaling issue? (select all that apply)

Options:

A.

The receiving port is not properly setup to listen on the right port.

B.

The inputs . conf'S _SYSZOG_ROVTING is not setup to use the right group names.

C.

The DNS record used is not setup with a valid list of IP addresses.

D.

The indexAndForward value is not set properly.

Buy Now
Questions 22

In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?

Options:

A.

services/ collector

B.

services/ inputs ? raw

C.

services/ data/ collector

D.

data/ collector

Buy Now
Questions 23

A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?

Options:

A.

followTail = -45d

B.

ignore = 45d

C.

includeNewerThan = -35d

D.

ignoreOlderThan = 45d

Buy Now
Questions 24

When using a directory monitor input, specific source type can be selectively overridden using which configuration file?

Options:

A.

props.conf

B.

sourcetypes.conf

C.

transforms.conf

D.

outputs.conf

Buy Now
Questions 25

What is the name of the object that stores events inside of an index?

Options:

A.

Container

B.

Bucket

C.

Data layer

D.

Indexer

Buy Now
Questions 26

What is the default character encoding used by Splunk during the input phase?

Options:

A.

UTF-8

B.

UTF-16

C.

EBCDIC

D.

ISO 8859

Buy Now
Questions 27

For single line event sourcetypes. it is most efficient to set SHOULD_linemerge to what value?

Options:

A.

True

B.

False

C.

D.

Newline Character

Buy Now
Questions 28

After configuring a universal forwarder to communicate with an indexer, which index can be checked via the Splunk Web UI for a successful connection?

Options:

A.

index=main

B.

index=test

C.

index=summary

D.

index=_internal

Buy Now
Questions 29

What action is required to enable forwarder management in Splunk Web?

Options:

A.

Navigate to Settings > Server Settings > General Settings, and set an App server port.

B.

Navigate to Settings > Forwarding and receiving, and click on Enable Forwarding.

C.

Create a server class and map it to a client in SPLUNK_HOME/etc/system/local/serverclass.conf.

D.

Place an app in the SPLUNK_HOME/etc/deployment-apps directory of the deployment server.

Buy Now
Questions 30

In a distributed environment, which Splunk component is used to distribute apps and configurations to the

other Splunk instances?

Options:

A.

Indexer

B.

Deployer

C.

Forwarder

D.

Deployment server

Buy Now
Questions 31

A company moves to a distributed architecture to meet the growing demand for the use of Splunk. What parameter can be configured to enable automatic load balancing in the

Universal Forwarder to send data to the indexers?

Options:

A.

Create one outputs . conf file for each of the server addresses in the indexing tier.

B.

Configure the outputs . conf file to point to any server in the indexing tier and Splunk will configure the data to be sent to all of the indexers.

C.

Splunk does not do load balancing and requires a hardware load balancer to balance traffic across the indexers.

D.

Set the stanza to have a server value equal to a comma-separated list of IP addresses and indexer ports for each of the indexers in the environment.

Buy Now
Questions 32

When configuring HTTP Event Collector (HEC) input, how would one ensure the events have been indexed?

Options:

A.

Enable indexer acknowledgment.

B.

Enable forwarder acknowledgment.

C.

splunk check-integrity -index

D.

index=_internal component=ACK | stats count by host

Buy Now
Questions 33

What will the following inputs. conf stanza do?

[script://myscript . sh]

Interval=0

Options:

A.

The script will run at the default interval of 60 seconds.

B.

The script will not be run.

C.

The script will be run only once for each time Splunk is restarted.

D.

The script will be run. As soon as the script exits, Splunk restarts it.

Buy Now
Questions 34

Given a forwarder with the following outputs.conf configuration:

[tcpout : mypartner]

Server = 145.188.183.184:9097

[tcpout : hfbank]

server = inputsl . mysplunkhfs . corp : 9997 , inputs2 . mysplunkhfs . corp : 9997

Which of the following is a true statement?

Options:

A.

Data will continue to flow to hfbank if 145.1 ga. 183.184 : 9097 is unreachable.

B.

Data is not encrypted to mypartner because 145.188 .183.184 : 9097 is specified by IP.

C.

Data is encrypted to mypartner because 145.183.184 : 9097 is specified by IP.

D.

Data will eventually stop flowing everywhere if 145.188.183.184 : 9097 is unreachable.

Buy Now
Questions 35

An index stores its data in buckets. Which default directories does Splunk use to store buckets? (Choose all that apply.)

Options:

A.

bucketdb

B.

frozendb

C.

colddb

D.

db

Buy Now
Questions 36

Which additional component is required for a search head cluster?

Options:

A.

Deployer

B.

Cluster Master

C.

Monitoring Console

D.

Management Console

Buy Now
Questions 37

Which of the following must be done to define user permissions when integrating Splunk with LDAP?

Options:

A.

Map Users

B.

Map Groups

C.

Map LDAP Inheritance

D.

Map LDAP to Active Directory

Buy Now
Questions 38

An organization wants to collect Windows performance data from a set of clients, however, installing Splunk

software on these clients is not allowed. What option is available to collect this data in Splunk Enterprise?

Options:

A.

Use Local Windows host monitoring.

B.

Use Windows Remote Inputs with WMI.

C.

Use Local Windows network monitoring.

D.

Use an index with an Index Data Type of Metrics.

Buy Now
Questions 39

When deploying apps on Universal Forwarders using the deployment server, what is the correct component and location of the app before it is deployed?

Options:

A.

On Universal Forwarder, $SPLUNK_HOME/etc/apps

B.

On Deployment Server, $SPLUNK_HOME/etc/apps

C.

On Deployment Server, $SPLUNK_HOME/etc/deployment-apps

D.

On Universal Forwarder, $SPLUNK_HOME/etc/deployment-apps

Buy Now
Questions 40

What happens when there are conflicting settings within two or more configuration files?

Options:

A.

The setting is ignored until conflict is resolved.

B.

The setting for both values will be used together.

C.

The setting with the lowest precedence is used.

D.

The setting with the highest precedence is used.

Buy Now
Questions 41

Which option on the Add Data menu is most useful for testing data ingestion without creating inputs.conf?

Options:

A.

Upload option

B.

Forward option

C.

Monitor option

D.

Download option

Buy Now
Questions 42

The Splunk administrator wants to ensure data is distributed evenly amongst the indexers. To do this, he runs

the following search over the last 24 hours:

index=*

What field can the administrator check to see the data distribution?

Options:

A.

host

B.

index

C.

linecount

D.

splunk_server

Buy Now
Questions 43

Which scenario is applicable given the stanzas in authentication.conf below?

[authentication]

externalTwoFactorAuthVendor = Duo

externalTwoFactorAuthSettings = duoMFA

[duoMFA]

integrationKey = aGFwcHliaXJ0aGRheU1pZGR5

secretKey = YXVzdHJhaWxpYW5Gb3JHcmVw

applicationKey = c3BsaW5raW5ndGhlcGx1bWJ1c3NpbmN1OTU

apiHostname = 466993018.duosecurity.com

failOpen = True

timeout = 60

Options:

A.

If Splunk cannot connect to the multifactor authentication provider, all logins will be denied.

B.

Multifactor authentication is required to log into the host operating system.

C.

The secretKey does not need to be protected since multifactor authentication is turned on.

D.

If Splunk cannot connect to the multifactor authentication provider, authentications will be successful without completing a multifactor challenge.

Buy Now
Questions 44

When would the following command be used?

SPLK-1003 Question 44

Options:

A.

To verify' the integrity of a local index.

B.

To verify the integrity of a SmartStore index.

C.

To verify the integrity of a SmartStore bucket.

D.

To verify the integrity of a local bucket.

Buy Now
Questions 45

Which of the following enables compression for universal forwarders in outputs. conf ?

A)

SPLK-1003 Question 45

B)

SPLK-1003 Question 45

C)

SPLK-1003 Question 45

D)

SPLK-1003 Question 45

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 46

Which of the following statements describe deployment management? (select all that apply)

Options:

A.

Requires an Enterprise license

B.

Is responsible for sending apps to forwarders.

C.

Once used, is the only way to manage forwarders

D.

Can automatically restart the host OS running the forwarder.

Buy Now
Questions 47

In this example, if useACK is set to true and the maxQueueSize is set to 7MB, what is the size of the wait queue on this universal forwarder?

Options:

A.

21MB

B.

28MB

C.

14MB

D.

7MB

Buy Now
Questions 48

What options are available when creating custom roles? (select all that apply)

Options:

A.

Restrict search terms

B.

Whitelist search terms

C.

Limit the number of concurrent search jobs

D.

Allow or restrict indexes that can be searched.

Buy Now
Questions 49

When Splunk is integrated with LDAP, which attribute can be changed in the Splunk UI for an LDAP user?

Options:

A.

Default app

B.

LDAP group

C.

Password

D.

Username

Buy Now
Questions 50

An admin is running the latest version of Splunk with a 500 GB license. The current daily volume of new data

is 300 GB per day. To minimize license issues, what is the best way to add 10 TB of historical data to the

index?

Options:

A.

Buy a bigger Splunk license.

B.

Add 2.5 TB each day for the next 5 days.

C.

Add all 10 TB in a single 24 hour period.

D.

Add 200 GB of historical data each day for 50 days.

Buy Now
Questions 51

When running a real-time search, search results are pulled from which Splunk component?

Options:

A.

Heavy forwarders and search peers

B.

Heavy forwarders

C.

Search heads

D.

Search peers

Buy Now
Questions 52

How does the Monitoring Console monitor forwarders?

Options:

A.

By pulling internal logs from forwarders.

B.

By using the forwarder monitoring add-on

C.

With internal logs forwarded by forwarders.

D.

With internal logs forwarded by deployment server.

Buy Now
Questions 53

In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?

Options:

A.

services/collector

B.

data/collector

C.

services/inputs?raw

D.

services/data/collector

Buy Now
Questions 54

How often does Splunk recheck the LDAP server?

Options:

A.

Every 5 minutes

B.

Each time a user logs in

C.

Each time Splunk is restarted

D.

Varies based on LDAP_refresh setting.

Buy Now
Questions 55

Immediately after installation, what will a Universal Forwarder do first?

Options:

A.

Automatically detect any indexers in its subnet and begin routing data.

B.

Begin reading local files on its server.

C.

Begin generating internal Splunk logs.

D.

Send an email to the operator that the installation process has completed.

Buy Now
Exam Code: SPLK-1003
Exam Name: Splunk Enterprise Certified Admin
Last Update: Jul 20, 2024
Questions: 185

PDF + Testing Engine

$56  $159.99

Testing Engine

$42  $119.99
buy now SPLK-1003 testing engine

PDF (Q&A)

$35  $99.99
buy now SPLK-1003 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 20 Jul 2024