Splunk Enterprise Certified Admin v1.0

Page:    1 / 7   
Exam contains 98 questions

What is the default character encoding used by Splunk during the input phase?

  • A. UTF-8
  • B. UTF-16
  • C. EBCDIC
  • D. ISO 8859


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Configurecharactersetencoding

Which of the following enables compression for universal forwarders in outputs.conf?

  • A. [udpout:mysplunk_indexer11] compression=true
  • B. [tcpout] defaultGroup=my_indexers compressed=true
  • C. /opt/splunkforwarder/bin/splunk enable compression
  • D. [tcpout:my_indexers] server=mysplunk_indexer1:9997, mysplunk_indexer2:9997 decompression=false


Answer : B

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Outputsconf

User role inheritance allows what to be inherited from the parent role? (Choose all that apply.)

  • A. Parents
  • B. Capabilities
  • C. Index access
  • D. Search history


Answer : B

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities

Which of the following statements apply to directory inputs? (Choose all that apply.)

  • A. All discovered text files are consumed.
  • B. Compressed files are ignored by default.
  • C. Splunk recursively traverses through the directory structure.
  • D. When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.


Answer : C

Reference:
https://answers.splunk.com/answers/133875/recursive-monitoring-of-directories.html

How would you configure your distsearch.conf to allow you to run the search below?

sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON

  • A. [distributedSearch:NYC] default = false servers = nyc1:8089, nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:8089, houston2:8089
  • B. [distributedSearch] servers =nyc1, nyc2, houston1, houston2 [distributedSearch:NYC] default = false servers = nyc1, nyc2 [distributedSearch:HOUSTON] default = false servers = houston1, houston2
  • C. [distributedSearch] servers =nyc1:8089, nyc2:8089, houston1:8089, houston2:8089 [distributedSearch:NYC] default = false servers = nyc1:8089, nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:8089, houston2:8089
  • D. [distributedSearch] servers =nyc1:8089; nyc2:80893; houston1:8089; houston2:8089 [distributedSearch:NYC] default = false servers = nyc1:8089; nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:80897706; houston2:80898350


Answer : B

Which of the following is a valid distributed search group?

  • A. [distributedSearch:Paris] default = false servers = server1, server2
  • B. [searchGroup:Paris] default = false servers = server1:8089, server2:8089
  • C. [searchGroup:Paris] default = false servers = server1:9997, server2:9997
  • D. [distributedSearch:Paris] default = false servers = server1:8089; server2:8089


Answer : D

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/Distributedsearchgroups

Local user accounts created in Splunk store passwords in which file?

  • A. $SPLUNK_HOME/etc/passwd
  • B. $SPLUNK_HOME/etc/authentication
  • C. $SPLUNK_HOME/etc/users/passwd.conf
  • D. $SPLUNK_HOME/etc/users/authentication.conf


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/User-seedconf

For single line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?

  • A. True
  • B. False
  • C. <regex string>
  • D. Newline Character


Answer : B

Reference:
https://answers.splunk.com/answers/704533/what-are-the-best-practices-for-defining-source-ty.html

Which Splunk component does a search head primarily communicate with?

  • A. Indexer
  • B. Forwarder
  • C. Cluster master
  • D. Deployment server


Answer : A

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/InheritedDeployment/Deploymenttopology

Which layers are involved in Splunk configuration file layering? (Choose all that apply.)

  • A. App context
  • B. User context
  • C. Global context
  • D. Forwarder context


Answer : ABC

Which of the following are methods for adding inputs in Splunk? (Choose all that apply.)

  • A. CLI
  • B. Splunk Web
  • C. Editing inputs.conf
  • D. Editing monitor.conf


Answer : AB

Reference:
http://dev.splunk.com/view/dev-guide/SP-CAAAE3A

Which of the following authentication types requires scripting in Splunk?

  • A. ADFS
  • B. LDAP
  • C. SAML
  • D. RADIUS


Answer : D

Reference:
https://answers.splunk.com/answers/131127/scripted-authentication.html

Which option accurately describes the purpose of the HTTP Event Collector (HEC)?

  • A. A token-based HTTP input that is secure and scalable and that requires the use of forwarders.
  • B. A token-based HTTP input that is secure and scalable and that does not require the use of forwarders.
  • C. An agent-based HTTP input that is secure and scalable and that does not require the use of forwarders.
  • D. A token-based HTTP input that is insecure and non-scalable and that does not require the use of forwarders.


Answer : B

Reference:
http://dev.splunk.com/view/event-collector/SP-CAAAE6M

What is the difference between the two wildcards ... and * for the monitor stanza in inputs.conf?

  • A. ... is not supported in monitor stanzas.
  • B. There is no difference, they are interchangeable and match anything beyond directory boundaries.
  • C. * matches anything in that specific directory path segment, whereas ... recurses through subdirectories as well.
  • D. ... matches anything in that specific directory path segment, whereas * recurses through subdirectories as well.


Answer : C

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.0/Data/Specifyinputpathswithwildcards

What type of data is counted against the Enterprise license at a fixed 150 bytes per event?

  • A. License data
  • B. Metrics data
  • C. Internal Splunk data
  • D. Internal Windows logs


Answer : B

Reference:
https://answers.splunk.com/answers/581441/how-is-the-splunk-license-measured.html
