SPLK 1003

This document contains 7 questions and answers from the Splunk Enterprise Certified Admin certification exam. The questions cover topics like data retention settings in indexes.conf, capabilities of the universal forwarder, conflict resolution between whitelist and blacklist input settings, where SEDCMD is used, supported configuration methods for adding inputs on a forwarder, the parent directory containing Splunk configuration files, and the forwarder type that can parse data prior to forwarding.

Uploaded by

fatou

Splunk

SPLK-1003
Splunk Enterprise Certified Admin

QUESTION & ANSWERS

https://www.genuinedumps.com/SPLK-1003-exam-questions.html
Version: 8.1
Question: 1

Which setting in indexes.conf allows data retention to be controlled by time?

A. maxDaysToKeep
B. moveToFrozenAfter
C. maxDataRetentionTime
D. frozenTimePeriodInSecs

Answer: D

Question: 2

The universal forwarder has which capabilities when sending data? (select all that apply)

A. Sending alerts
B. Compressing data
C. Obfuscating/hiding data
D. Indexer acknowledgement

Answer: BD

Question: 3

In case of a conflict between a whitelist and a blacklist input setting, which one is used?

A. Blacklist
B. Whitelist
C. They cancel each other out.
D. Whichever is entered into the configuration first.

Answer: A

Question: 4

In which Splunk configuration is the SEDCMD used?

A. props.conf
B. inputs.conf
C. indexes.conf
D. transforms.conf

Answer: A

Question: 5

Which of the following are supported configuration methods to add inputs on a forwarder? (select all that apply)

A. CLI
B. Edit inputs.conf
C. Edit forwarder.conf
D. Forwarder Management

Answer: ABD

Question: 6

Which parent directory contains the configuration files in Splunk?

A. $SPLUNK_HOME/etc
B. $SPLUNK_HOME/var
C. $SPLUNK_HOME/conf
D. $SPLUNK_HOME/default

Answer: A

Question: 7

Which forwarder type can parse data prior to forwarding?

A. Universal forwarder
B. Heaviest forwarder
C. Hyper forwarder
D. Heavy forwarder

Answer: D
