Scribd
Upload
327 views5 pages

SPLK 1003

This document contains 9 multiple choice questions about configuring and administering Splunk. It covers topics like data retention settings in indexes.conf, the output of the splunk btool props list command, enabling compression in outputs.conf, valid input types for file monitors in Splunk Web, options for custom roles, valid network input stanzas, role aggregation features, masking PII like social security numbers in event data, and configuration files used by the Universal Forwarder. The questions are taken from practice tests for the Splunk Enterprise Certified Admin certification.

Uploaded by

PRAGATI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
327 views5 pages

SPLK 1003

This document contains 9 multiple choice questions about configuring and administering Splunk. It covers topics like data retention settings in indexes.conf, the output of the splunk btool props list command, enabling compression in outputs.conf, valid input types for file monitors in Splunk Web, options for custom roles, valid network input stanzas, role aggregation features, masking PII like social security numbers in event data, and configuration files used by the Universal Forwarder. The questions are taken from practice tests for the Splunk Enterprise Certified Admin certification.

Uploaded by

PRAGATI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Splunk

SPLK-1003
Splunk Enterprise Certified Admin
QUESTION & ANSWERS

https://www.dumpslink.com/SPLK-1003-pdf-dumps.html
QUESTION 1

Which setting in indexes.conf allows data retention to be controlled by time?


A. maxDaysToKeep
B. moveToFrozenAfter
C. maxDataRetentionTime
D. frozenTimePeriodInSecs

Correct Answer: D

Explanation/Reference:

Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/SmartStoredataretention

QUESTION 2

You update a props.conf file while Splunk is running. You do not restart Splunk and you run this
command: splunk btool props list –-debug. What will the output be?
A. A list of all the configurations on-disk that Splunk contains.
B. A verbose list of all configurations as they were when splunkd started.
C. A list of props.conf configurations as they are on-disk along with a file path from which the
configuration is located.
D. A list of the current running props.conf configurations along with a file path from which the
configuration was made.

Correct Answer: D

Explanation/Reference:

Reference: https://answers.splunk.com/answers/494219/need-help-with-what-should-be-a-
simpleprecedence.html

QUESTION 3

Which of the following enables compression for universal forwarders in outputs.conf?


A. [udpout:mysplunk_indexer11]compression=true
B. [tcpout]defaultGroup=my_indexerscompressed=true
C. /opt/splunkforwarder/bin/splunk enable compression
D. [tcpount:my_indexers] server=mysplunk_indexer1:9997,
mysplunk_indexer2:9997decompression=false

https://www.dumpslink.com/SPLK-1003-pdf-dumps.html
Correct Answer: B

Explanation/Reference:

Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Outputsconf

QUESTION 4

Which of the following are available input methods when adding a file input in Splunk Web? (Choose
all that apply.)
A. Index once.
B. Monitor interval.
C. On-demand monitor.
D. Continuously monitor.

Correct Answer: D

QUESTION 5

What options are available when creating custom roles? (Choose all that apply.)
A. Restrict search terms.
B. Whitelist search terms.
C. Limit the number of concurrent search jobs.
D. Allow or restrict indexes that can be searched.

Correct Answer: A,D

Explanation/Reference:

Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/Aboutusersandroles

QUESTION 6

Which is a valid stanza for a network input?


A. [udp://172.16.10.1:9997] connection = dns sourcetype = dns
B. [any://172.16.10.1:10001] connection_host = ip sourcetype = web
C. [tcp://172.16.10.1:9997] connection_host = web sourcetype = web
D. [tcp://172.16.10.1:10001] connection_host = dns sourcetype = dns

https://www.dumpslink.com/SPLK-1003-pdf-dumps.html
Correct Answer: C

Explanation/Reference:

Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2006/Data/
Bypassautomaticsourcetypeassignment

QUESTION 7

Which feature of Splunk’s role configuration can be used to aggregate multiple roles intended for
groups of users?
A. Linked roles
B. Grantable roles
C. Role federation
D. Role inheritance

Correct Answer: D

Explanation/Reference:

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Aboutusersandroles

QUESTION 8

Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format
is
as follows: 123-44-5678.
Which configuration file and stanza pair will mask possible SSNs in the log events?
A. props.conf[mask-SSN]REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"FORMAT = $1###-##-
$2KEY = _raw
B. props.conf[mask-SSN]REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"FORMAT = $1###-
##-$2DEST_KEY = _raw
C. transforms.conf[mask-SSN]REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"FORMAT = $1###-
##-$2DEST_KEY = _raw
D. transforms.conf[mask-SSN]REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"FORMAT =
$1###-##-$2DEST_KEY = _raw

Correct Answer: B

https://www.dumpslink.com/SPLK-1003-pdf-dumps.html
Explanation/Reference:

Reference: https://community.splunk.com/t5/Archive/How-to-mask-SSN-into-our-logs-going-into-
Splunk/tdp/433035

QUESTION 9

Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)
A. inputs.conf
B. monitor.conf
C. outputs.conf
D. forwarder.conf

Correct Answer: A,C

Explanation/Reference:

Reference: https://docs.splunk.com/Documentation/Forwarder/8.0.5/Forwarder/
Configuretheuniversalforwarder

https://www.dumpslink.com/SPLK-1003-pdf-dumps.html

You might also like