SPLK-1003 Splunk Admin Exam Q&A Guide

This document contains 9 multiple choice questions about configuring and administering Splunk. It covers topics like data retention settings in indexes.conf, the output of the splunk btool props list command, enabling compression in outputs.conf, valid input types for file monitors in Splunk Web, options for custom roles, valid network input stanzas, role aggregation features, masking PII like social security numbers in event data, and configuration files used by the Universal Forwarder. The questions are taken from practice tests for the Splunk Enterprise Certified Admin certification.

Uploaded by

PRAGATI

Splunk

SPLK-1003
Splunk Enterprise Certified Admin
QUESTION & ANSWERS

QUESTION 1

Which setting in indexes.conf allows data retention to be controlled by time?


A. maxDaysToKeep
B. moveToFrozenAfter
C. maxDataRetentionTime
D. frozenTimePeriodInSecs

Correct Answer: D

Explanation/Reference:

Reference: [Link]

QUESTION 2

You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list --debug. What will the output be?
A. A list of all the configurations on-disk that Splunk contains.
B. A verbose list of all configurations as they were when splunkd started.
C. A list of props.conf configurations as they are on-disk along with a file path from which the configuration is located.
D. A list of the current running props.conf configurations along with a file path from which the configuration was made.

Correct Answer: D

Explanation/Reference:

Reference: [Link]
[Link]

QUESTION 3

Which of the following enables compression for universal forwarders in outputs.conf?


A. [udpout:mysplunk_indexer11] compression=true
B. [tcpout] defaultGroup=my_indexers compressed=true
C. /opt/splunkforwarder/bin/splunk enable compression
D. [tcpount:my_indexers] server=mysplunk_indexer1:9997, mysplunk_indexer2:9997 decompression=false

Correct Answer: B

Explanation/Reference:

Reference: [Link]

QUESTION 4

Which of the following are available input methods when adding a file input in Splunk Web? (Choose all that apply.)
A. Index once.
B. Monitor interval.
C. On-demand monitor.
D. Continuously monitor.

Correct Answer: D

QUESTION 5

What options are available when creating custom roles? (Choose all that apply.)
A. Restrict search terms.
B. Whitelist search terms.
C. Limit the number of concurrent search jobs.
D. Allow or restrict indexes that can be searched.

Correct Answer: A,D

Explanation/Reference:

Reference: [Link]

QUESTION 6

Which is a valid stanza for a network input?


A. [udp://[Link]:9997] connection = dns sourcetype = dns
B. [any://[Link]:10001] connection_host = ip sourcetype = web
C. [tcp://[Link]:9997] connection_host = web sourcetype = web
D. [tcp://[Link]:10001] connection_host = dns sourcetype = dns

Correct Answer: C

Explanation/Reference:

Reference: [Link]
Bypassautomaticsourcetypeassignment

QUESTION 7

Which feature of Splunk’s role configuration can be used to aggregate multiple roles intended for groups of users?
A. Linked roles
B. Grantable roles
C. Role federation
D. Role inheritance

Correct Answer: D

Explanation/Reference:

Reference: [Link]

QUESTION 8

Social Security Number (PII) data is found in log events, which is against company policy. SSN format is as follows: 123-44-5678.
Which configuration file and stanza pair will mask possible SSNs in the log events?
A. [Link] [mask-SSN] REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$" FORMAT = $1###-##-$2 KEY = _raw
B. [Link] [mask-SSN] REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$" FORMAT = $1###-##-$2 DEST_KEY = _raw
C. [Link] [mask-SSN] REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$" FORMAT = $1###-##-$2 DEST_KEY = _raw
D. [Link] [mask-SSN] REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$" FORMAT = $1###-##-$2 DEST_KEY = _raw

Correct Answer: B

Explanation/Reference:

Reference: [Link]
Splunk/tdp/433035

QUESTION 9

Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)
A. [Link]
B. [Link]
C. [Link]
D. [Link]

Correct Answer: A,C

Explanation/Reference:

Reference: [Link]
Configuretheuniversalforwarder
