SPLK-1003 Online Practice Questions and Answers
Questions 4
Which of the following is valid distribute search group?
A. option A
B. Option B
C. Option C
D. Option D
Questions 5
How often does Splunk recheck the LDAP server?
A. Every 5 minutes
B. Each time a user logs in
C. Each time Splunk is restarted
D. Varies based on LDAP_refresh setting.
Questions 6
Which Splunk component performs indexing and responds to search requests from the search head?
A. Forwarder
B. Search peer
C. License master
D. Search head cluster
Questions 7
Which of the following are required when defining an index in indexes. conf? (select all that apply)
A. coldPath
B. homePath
C. frozenPath
D. thawedPath
Questions 8
Which configuration file would be used to forward the Splunk internal logs from a search head to the indexer?
A. props.conf
B. inputs.conf
C. outputs.conf
D. collections.conf
Questions 9
Which of the following accurately describes HTTP Event Collector indexer acknowledgement?
A. It requires a separate channel provided by the client.
B. It is configured the same as indexer acknowledgement used to protect in-flight data.
C. It can be enabled at the global setting level.
D. It stores status information on the Splunk server.
Questions 10
What action is required to enable forwarder management in Splunk Web?
A. Navigate to Settings > Server Settings > General Settings, and set an App server port.
B. Navigate to Settings > Forwarding and receiving, and click on Enable Forwarding.
C. Create a server class and map it to a client in SPLUNK_HOME/etc/system/local/serverclass.conf.
D. Place an app in the SPLUNK_HOME/etc/deployment-apps directory of the deployment server.
Questions 11
A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?
A. followTail = -45d
B. ignore = 45d
C. includeNewerThan = 45d
D. ignoreOlderThan = 45d
Questions 12
An add-on has configured field aliases for source IP address and destination IP address fields. A specific user prefers not to have those fields present in their user context. Based on the default props.conf below, which SPLUNK_HOME/ etc/ users/buttercup/myTA/local/props.conf stanza can be added to the user's local context to disable the field aliases?
A. Option A
B. Option B
C. Option C
D. Option D
Questions 13
Which of the following Splunk components require a separate installation package?
A. Deployment server
B. License master
C. Universal forwarder
D. Heavy forwarder
Home | About Us | Contact Us | FAQ | Guarantee Policy | Terms & Conditions | Privacy Policy
Any charges made through this site will appear as Global Simulators Limited. All trademarks are the property of their respective owners.
Copyright © 2004-2024 pass2lead.com, All Rights Reserved.