SPLK-1003 Practice Exam — 204 Free Splunk Questions

Join Us Among the Stars

Sign Up & unlock 100% of Exam Questions

Log in / Sign up

No Strings Attached!

204Practice Questions

3Study Modes

Free

TopicSort

Question 1

Forwarder Management

Which Splunk component requires a Forwarder license?

A Search head
B Heavy forwarder
C Heaviest forwarder
D Universal forwarder

Question 2

Forwarder Management

Question 3

Network and Scripted Inputs

Question 4

Forwarder Management

Question 5

Splunk Configuration Files

Question 6

Splunk User Management

Question 7

Monitor Inputs

Question 8

Splunk Authentication Management

Question 9

Getting Data In

Question 10

Parsing Phase and Data

Question 11

Distributed Search

Question 12

Splunk Authentication Management

Question 13

Distributed Search

Question 14

Splunk Configuration Files

Question 15

Forwarder Management

Question 16

Distributed Search

Question 17

Network and Scripted Inputs

Question 18

Splunk Indexes

Question 19

Monitor Inputs

Question 20

Splunk Admin Basics

Question 21

Splunk Configuration Files

Question 22

Splunk Configuration Files

Question 23

Configuring Forwarders

Question 24

Distributed Search

Question 25

License Management

Page 1 of 9 • Questions 1-25 of 204

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Where should apps be located on the deployment server that the clients pull from?

A $SPLUNK_HOME/etc/apps
B $SPLUNK_HOME/etc/search
C $SPLUNK_HOME/etc/master-apps
D $SPLUNK_HOME/etc/deployment-apps

To set up a network input in Splunk, what needs to be specified?

A File path.
B Username and password.
C Network protocol and port number.
D Network protocol and MAC address.

Which of the following statements describe deployment management? (Choose all that apply.)

A Requires an Enterprise license.
B Is responsible for sending apps to forwarders.
C Once used, is the only way to manage forwarders.
D Can automatically restart the host OS running the forwarder.

During search time, which directory of configuration files has the highest precedence?

A $SPLUNK_HOME/etc/system/local
B $SPLUNK_HOME/etc/system/default
C $SPLUNK_HOME/etc/apps/app1/local
D $SPLUNK_HOME/etc/users/admin/local

Question 6

Splunk User Management

Question 7

Monitor Inputs

Question 8

Splunk Authentication Management

Question 9

Getting Data In

Question 10

Parsing Phase and Data

Question 11

Distributed Search

Question 12

Splunk Authentication Management

Question 13

Distributed Search

Question 14

Splunk Configuration Files

Question 15

Forwarder Management

Question 16

Distributed Search

Question 17

Network and Scripted Inputs

Question 18

Splunk Indexes

Question 19

Monitor Inputs

Question 20

Splunk Admin Basics

Question 21

Splunk Configuration Files

Question 22

Splunk Configuration Files

Question 23

Configuring Forwarders

Question 24

Distributed Search

Question 25

License Management

What options are available when creating custom roles? (Choose all that apply.)

A Restrict search terms.
B Whitelist search terms.
C Limit the number of concurrent search jobs.
D Allow or restrict indexes that can be searched.

Which of the following statements apply to directory inputs? (Choose all that apply.)

A All discovered text files are consumed.
B Compressed files are ignored by default.
C Splunk recursively traverses through the directory structure.
D When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.

Which of the following authentication types requires scripting in Splunk?

A ADFS
B LDAP
C SAML
D RADIUS

Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?

A Any OS platform.
B Linux platform only.
C Windows platform only.
D None of the above.

In this sourcetype definition the MAX_TIMESTAMP_LOOKAHEAD is missing. Which value would fit best?
[sshd_syslog]
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N %z
LINE_BREAKER = ([\r\n]+)\d4-\d2-\d2 \d2:\d2:\d2

SHOULD_LINEMERGE = false -

TRUNCATE = 0 -
Event example:
2018-04-13 13:42:41.214 -0500 server sshd[26219]: Connection from 172.0.2.60 port 47366

A MAX_TIMESTAMP_LOOKAHEAD = 5
B MAX_TIMESTAMP_LOOKAHEAD = 10
C MAX_TIMESTAMP_LOOKAHEAD = 20
D MAX_TIMESTAMP_LOOKAHEAD = 30

Which Splunk component consolidates the individual results and prepares reports in a distributed environment?

A Indexers
B Forwarder
C Search head
D Search peers

How often does Splunk recheck the LDAP server?

A Every 5 minutes.
B Each time a user logs in.
C Each time Splunk is restarted.
D Varies based on LDAP_refresh setting.

Which of the following apply to how distributed search works? (Choose all that apply.)

A The search head dispatches searches to the peers.
B The search peers pull the data from the forwarders.
C Peers run searches in parallel and return their portion of results.
D The search head consolidates the individual results and prepares reports.

You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list `"-debug. What will the output be?

A A list of all the configurations on-disk that Splunk contains.
B A verbose list of all configurations as they were when splunkd started.
C A list of props.conf configurations as they are on-disk along with a file path from which the configuration is located.
D A list of the current running props.conf configurations along with a file path from which the configuration was made.

How does the Monitoring Console monitor forwarders?

A By pulling internal logs from forwarders.
B By using the forwarder monitoring add-on.
C With internal logs forwarded by forwarders.
D With internal logs forwarded by deployment server.

Which of the following is a valid distributed search group?

A [distributedSearch:Paris] default = false servers = server1, server2
B [searchGroup:Paris] default = false servers = server1:8089, server2:8089
C [searchGroup:Paris] default = false servers = server1:9997, server2:9997
D [distributedSearch:Paris] default = false servers = server1:8089; server2:8089

Which of the following are supported options when configuring optional network inputs?

A Metadata override, sender filtering options, network input queues (quantum queues)
B Metadata override, sender filtering options, network input queues (memory/persistent queues)
C Filename override, sender filtering options, network output queues (memory/persistent queues)
D Metadata override, receiver filtering options, network input queues (memory/persistent queues)

Which setting in indexes.conf allows data retention to be controlled by time?

A maxDaysToKeep
B moveToFrozenAfter
C maxDataRetentionTime
D frozenTimePeriodInSecs

This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?

A /var/log/messages
B /var/log/maillog
C /var/log/maillog and /var/log/messages
D none of the above

What hardware attribute would you need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?

A Disk
B CPUs
C Memory
D Network interface cards

In which Splunk configuration is the SEDCMD used?

A props.conf
B inputs.conf
C indexes.conf
D transforms.conf

Which parent directory contains the configuration files in Splunk?

A $SPLUNK_HOME/etc
B $SPLUNK_HOME/var
C $SPLUNK_HOME/conf
D $SPLUNK_HOME/default

Which forwarder type can parse data prior to forwarding?

A Universal forwarder
B Heaviest forwarder
C Hyper forwarder
D Heavy forwarder

Which Splunk component distributes apps and certain other configuration updates to search head cluster members?

A Deployer
B Cluster master
C Deployment server
D Search head cluster master

In which phase of the index time process does the license metering occur?

A Input phase
B Parsing phase
C Indexing phase
D Licensing phase

Join Us Among the Stars

SPLK-1003Preview

About the SPLK-1003 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25