SPLK-1003

Which forwarder type can parse data prior to forwarding?A . Universal forwarderB . Heaviest forwarderC . Hyper forwarderD . Heavy forwarderView AnswerAnswer: D Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Forwarding/Typesofforwarders

In which Splunk configuration is the SEDCMDused?A . props.confB . inputs.confC . indexes.confD . transforms.confView AnswerAnswer: A Explanation: Reference: https://answers.splunk.com/answers/212128/why-sedcmd-configured-in-propsconf-is-working­duri.html

In which phase of the index time process does the license metering occur?A . Input phaseB . Parsing phaseC . Indexing phaseD . Licensing phaseView AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/HowSplunklicensingworks

When running the command shown below, what is the default path in which deploymentserver.conf is created? splunk set deploy-poll deployServer:portA . SPLUNK_HOME/etc/deploymentB . SPLUNK_HOME/etc/system/localC . SPLUNK_HOME/etc/system/defaultD . SPLUNK_HOME/etc/apps/deploymentView AnswerAnswer: B Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Configuredeploymentclients

In case of a conflict between a whitelist and a blacklist input setting, which one is used?A . BlacklistB . WhitelistC . They cancel each other out.D . Whichever is entered into the configuration first.View AnswerAnswer: A Explanation: Reference: https://www.google.com/url? sa=t&rct=j&q=&esrc=s&source=web&cd=8&ved=2ahUKEwj0r6Lso6bkAhUqxYUKHbWlDz4QFjAHegQIAxAC&url=http%3A%2F%2Fsplunk.training%2Fshowpdf.asp%3Fdata%3D789BB6B10C1B4376B548D711B4377F3F4B511B437805A8EC11B437742EA8F11B43779B6FA211B4376EA657C11B4376FC19B311B4377E2407E11B43730AF97411B4377F3F4B511B437742EA8F11B43779B6FA211B43771F822111B437731365811B43730AF97411B437789BB6B11B4376B548D711B4377F3F4B511B437805A8EC11B437742EA8F11B43779B6FA211B4376EA657C11B4376FC19B311B4377E2407E11B43732E61E211B4377F3F4B511B437742EA8F11B43779B6FA211B43771F822111B437731365811B43746D0DC011B4377549EC611B4377BED81011B437789BB6B11B4376D8B14511B437731365811B4376B548D711B4377F3F4B511B4376FC19B311B43732E61E211B4376D8B14511B4377AD23D911B437789BB6B11B43730AF97411B4373989B2C11B437386E6F511B437386E6F511B4373DF6C0811B43737532BE11B4373BC039A11B437351CA5011B43737532BE11B43730AF97411B4375BD6DD511B43730AF97411B437564E8C211B43730AF97411B437%257C2318D1%257C11649A&usg=AOvVaw2e9s­JweivuCkqTb4-Y9uW

The priority of layered Splunk configuration files depends on the file’s:A . OwnerB . WeightC . ContextD . Creation timeView AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles

Which of the following are supported configuration methods to add inputs on a forwarder? (Select all that apply.)A . CLIB . Edit inputs.confC . Edit forwarder.confD . Forwarder ManagementView AnswerAnswer: AB Explanation: Reference: https://docs.splunk.com/Documentation/Forwarder/7.3.1/Forwarder/HowtoforwarddatatoSplunkEnterprise#Define_inputs_on_the_universal_forwarder_with_configuration_files

Which parent directory contains the configuration files in Splunk?A . $SPLUNK_HOME/etcB . $SPLUNK_HOME/varC . $SPLUNK_HOME/confD . $SPLUNK_HOME/defaultView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Configurationfiledirectories

Where should apps be located on the deployment server that the clients pull from?A . $SPLUNK_HOME/etc/appsB . $SPLUNK_HOME/etc/searchC . $SPLUNK_HOME/etc/master-appsD . $SPLUNK_HOME/etc/deployment-appsView AnswerAnswer: A Explanation: Reference: https://answers.splunk.com/answers/371099/how-to-configure-deployment-apps-to-push-to­client.html

Which Splunk component consolidates the individual results and prepares reports in a distributed environment?A . IndexersB . ForwarderC . Search headD . Search peersView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Advancedindexingstrategy