Vendor | : | Splunk |
Exam Code | : | SPLK-1003 |
Exam Name | : | Splunk Enterprise Certified Admin |
Questions and Answers | : | 110 Q & A |
Updated On | : | Click to Check Update |
PDF Download Mirror | : | SPLK-1003 Brain Dump |
Get Full Version | : | Pass4sure SPLK-1003 Full Version |
Question #4 Section 2
Within props.conf, which stanzas are valid for data modification? (Select all that apply.)
Host
Server
Source
Sourcetype
https://answers.splunk.com/answers/3687/host-stanza-in-props-conf-not-being-honored-for-udp-514-data-sources.html
Question #5 Section 2
User role inheritance allows what to be inherited from the parent role? (Select all that apply.)
Parents
Capabilities
Index access
Search history
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities
Question #6 Section 2
How would you configure your distsearch.conf to allow you to run the search below?
[distributedSearch:NYC] default = false servers = nyc1:8089, nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:8089, houston2:8089
[distributedSearch] servers =nyc1, nyc2, houston1, houston2 [distributedSearch:NYC] default = false servers = nyc1, nyc2 [distributedSearch:HOUSTON] default = false servers = houston1, houston2
[distributedSearch] servers =nyc1:8089, nyc2:8089, houston1:8089, houston2:8089 [distributedSearch:NYC] default = false servers = nyc1:8089, nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:8089, houston2:8089
[distributedSearch] servers =nyc1:8089; nyc2:8089; houston1:8089; houston2:8089 [distributedSearch:NYC] default = false servers = nyc1:8089; nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:8089; houston2:8089
Question #7 Section 2
Which layers are involved in Splunk configuration file layering? (Select all that apply.)
App context
User context
Global context
Forwarder context
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Wheretofindtheconfigurationfiles Question #8 Section 2
Which of the following are methods for adding inputs in Splunk? (Select all that apply.)
CLI
Splunk Web
Editing inpits.conf
Editing monitor.conf
http://dev.splunk.com/view/dev-guide/SP-CAAAE3A
Question #9 Section 2
Which valid bucket types are searchable? (Select all that apply.)
Hot buckets
Cold buckets
Warm buckets
Frozen buckets
https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/HowSplunkstoresindexes
Question #10 Section 2
Which of the following indexes come pre-configured with Splunk Enterprise? (Select all that apply.)
_licence
_internal
_external
_thefishbucket
https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Howindexingworks
Question #11 Section 2
Which of the following are required when defining an index in indexes.conf? (Select all that apply.)
coldPath
homePath
frozenPath
thawedPath
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Indexesconf#PER_INDEX_OPTIONS
Question #12 Section 2
With authentication methods are natively supported within Splunk Enterprise? (Select all that apply.)
LDAP
SAML
RADIUS
Duo Multifactor Authentication
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/SetupuserauthenticationwithSplunk