Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

SPLK-1005 by Splunk - Page 1 | ExamCademy

Mode Selection

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 3 • Questions 1-25 of 51

1 2 3

→

Know a question that should be here? Contribute to this exam

A user has been asked to mask some sensitive data without tampering with the structure of the file /var/log/purchases/transactions.log that has the following format:
2020-01-01 00:01:20 User=bob SuperSecretNumber=123456789012 Operation=purchase
2020-01-01 16:15:32 User=alice SuperSecretNumber=123456789012 Operation=purchase
Which of the stanzas below will achieve this?

A
B
C
D

Which of the following is correct in regard to configuring a Universal Forwarder as an Intermediate Forwarder?

A This can only be turned on using the Settings > Forwarding and Receiving menu in Splunk Web/UI.
B The configuration changes can be made using Splunk Web, CLI, directly in configuration files, or via a deployment app.
C The configuration changes can be made using CLI, directly in configuration files, or via a deployment app.
D It is only possible to make this change directly in configuration files or via a deployment app.

In case of a Change Request, which of the following should submit a support case for Splunk Support?

A The party requesting the change.
B Certified Splunk Cloud administrator.
C Splunk infrastructure owner.
D Any person with the appropriate entitlement.

Which of the following statements is true about data transformations using SEDCMD?

A Can only be used to mask or truncate raw data.
B Configured in props.conf and transforms.conf.
C Can be used to manipulate the sourcetype per event.
D Operates on a REGEX pattern match of the source, sourcetype, or host of an event.

Which of the following is the default bandwidth limit in the Splunk Universal Forwarder credentials package?

A 0 KBps
B 256 KBps
C 512 KBps
D 1024 KBps

By default, which of the following capabilities are granted to the sc_admin role?

A indexes_edit, edit_token_http, admin_all_objects, delete_by_keyword
B indexes_edit, fsh_manage, acs_conf, list_indexerdiscovery
C indexes_edit, fsh_manage, admin_all_objects, can_delete
D indexes_edit, edit_token_http, admin_all_objects, edit_limits_conf

Which of the following takes place during the input phase?

A Splunk annotates data with only 3 metadata keys: host, source, and sourcetype.
B Splunk sets the character encoding of the data.
C Splunk looks at the contents of the data to apply the correct source.
D Splunk breaks data into individual lines.

What syntax is required in inputs.conf to ingest data from files or directories?

A A monitor stanza, sourcetype, and index is required to ingest data.
B A monitor stanza, sourcetype, index, and host is required to ingest data.
C A monitor stanza and sourcetype is required to ingest data.
D Only the monitor stanza is required to ingest data.

Which file or folder below is not a required part of a deployment app?

A app.conf (in default or local)
B local.meta
C metadata folder
D props.conf

Where does the regex-replacement processor run?

A Merging pipeline
B Typing pipeline
C Index pipeline
D Parsing pipeline

How are HTTP Event Collector (HEC) tokens configured in a managed Splunk Cloud environment?

A Any token will be accepted by HEC, the data may just end up in the wrong index.
B A token is generated when configuring a HEC input, which should be provided to the application developers.
C Obtain a token from the organization’s application developers and apply it in Settings > Data Inputs > HTTP Event Collector > New Token.
D Open a support case for each new data input and a token will be provided.