SPLK-1003 Practice Questions

After an Enterprise Trial license expires, it will automatically convert to a Free license. How many days is an Enterprise Trial license valid before this conversion occurs?

Consider a company with a Splunk distributed environment in production. The Compliance Department wants to start using Splunk; however, they want to ensure that no one can see thei...

Which of the following is an appropriate description of a deployment server in a non-cluster environment?

Which Splunk forwarder has a built-in license?

What happens when the same username exists in Splunk as well as through LDAP?

Consider the following stanza in inputs.conf: What will the value of the source filed be for events generated by this scripts input?

Which of the following applies only to Splunk index data integrity check?

Which of the following types of data count against the license daily quota?

Which of the following is a valid distributed search group?

Which default Splunk role could be assigned to provide users with the following capabilities? Create saved searches Edit shared objects and alerts Not allowed to create custom role...

When Splunk is integrated with LDAP, which attribute can be changed in the Splunk UI for an LDAP user?

Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?

Which artifact is required in the request header when creating an HTTP event?

All search-time field extractions should be specified on which Splunk component?

In addition to single, non-clustered Splunk instances, what else can the deployment server push apps to?

What is the command to reset the fishbucket for one source?

Which setting allows the configuration of Splunk to allow events to span over more than one line?

In this example, if useACK is set to true and the maxQueueSize is set to 7MB, what is the size of the wait queue on this universal forwarder?

Which of the following are reasons to create separate indexes? (Choose all that apply.)

Which network input option provides durable file-system buffering of data to mitigate data loss due to network outages and splunkd restarts?

A new forwarder has been installed with a manually created deploymentclient.conf. What is the next step to enable the communication between the forwarder and the deployment server?

When using a directory monitor input, specific source type can be selectively overridden using which configuration file?

When using license pools, volume allocations apply to which Splunk components?

An add-on has configured field aliases for source IP address and destination IP address fields. A specific user prefers not to have those fields present in their user context. Base...

Which forwarder is recommended by Splunk to use in a production environment?

Which of the following Splunk components require a separate installation package?

Which data pipeline phase is the last opportunity for defining event boundaries?

A company moves to a distributed architecture to meet the growing demand for the use of Splunk. What parameter can be configured to enable automatic load balancing in the Universal...

Which of the following methods will connect a deployment client to a deployment server? (select all that apply)

Running this search in a distributed environment: On what Splunk component does the eval command get executed?

When would the following command be used?

In inputs. conf, which stanza would mean Splunk was only reading one local file?

Which of the methods listed below supports muti-factor authentication?

A Splunk administrator has been tasked with developing a retention strategy to have frequently accessed data sets on SSD storage and to have older, less frequently accessed data on...

Immediately after installation, what will a Universal Forwarder do first?

A non-clustered Splunk environment has three indexers (A,B,C) and two search heads (X, Y). During a search executed on search head X, indexer A crashes. What is Splunk's response?

What is the correct curl to send multiple events through HTTP Event Collector?

The following stanzas in inputs. conf are currently being used by a deployment client: [udp: //145.175.118.177:1001 Connection_host = dns sourcetype = syslog Which of the following...

When working with an indexer cluster, what changes with the global precedence when comparing to a standalone deployment?

What happens when there are conflicting settings within two or more configuration files?

Load balancing on a Universal Forwarder is not scaling correctly. The forwarder's outputs. and the tcpout stanza are setup correctly. What else could be the cause of this scaling i...

A user recently installed an application to index NCINX access logs. After configuring the application, they realize that no data is being ingested. Which configuration file do the...

What event-processing pipelines are used to process data for indexing? (select all that apply)

In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?

When using a directory monitor input, specific source types can be selectively overridden using which configuration file?

A configuration file in a deployed app needs to be directly edited. Which steps would ensure a successful deployment to clients?

What event-processing pipelines are used to process data for indexing? (select all that apply)

What is the correct example to redact a plain-text password from raw events?

What is an example of a proper configuration for CHARSET within props.conf?

A security team needs to ingest a static file for a specific incident. The log file has not been collected previously and future updates to the file must not be indexed. Which comm...