SPLK-1003 V1

Within props. conf, which stanzas are valid for data modification? (select all that apply)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf "* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec

Within props. conf, which stanzas are valid for data modification? (select all that apply)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf "* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec

Within props. conf, which stanzas are valid for data modification? (select all that apply)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf "* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec

Which is a valid stanza for a network input?A . [udp://172.16.10.1:9997] connection = dns sourcetype = dnsB . [any://172.16.10.1:10001] connection_host = ip sourcetype = webC . [tcp://172.16.10.1:9997] connection_host = web sourcetype = webD . [tcp://172.16.10.1:10001] connection_host = dns sourcetype = dnsView AnswerAnswer: D Explanation: https://docs.splunk.com/Documentation/Splunk/8.1.1/Data/Monitornetworkports Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2006/Data/Bypassautomaticsourcetypeassignment

Which parent directory contains the configuration files in Splunk?A . SSFLUNK_HOME/etcB . SSPLUNK_HOME/varC . SSPLUNK_HOME/confD . SSPLUNK_HOME/defaultView AnswerAnswer: A Explanation: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Configurationfiledirectories Section titled, Configuration file directories, states "A detailed list of settings for each configuration file is provided in the .spec file names for that configuration file. You can find...

Within props. conf, which stanzas are valid for data modification? (select all that apply)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf "* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec

Which valid bucket types are searchable? (select all that apply)A . Hot bucketsB . Cold bucketsC . Warm bucketsD . Frozen bucketsView AnswerAnswer: ABC Explanation: Hot/warm/cold/thawed bucket types are searchable. Frozen isn't searchable because its either deleted at that state or archived.

Which Splunk component requires a Forwarder license?A . Search headB . Heavy forwarderC . Heaviest forwarderD . Universal forwarderView AnswerAnswer: B

How can native authentication be disabled in Splunk?A . Remove the $SPLUNK_HOME/etc/passwd fileB . Create an empty $SPLUNK_HOME/etc/passwd fileC . Set SPLUNK_AUTHENTICATION=false in splunk-launch.confD . Set nativeAuthentication=false in authentication.confView AnswerAnswer: B Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Secureyouradminaccount

When are knowledge bundles distributed to search peers?A . After a user logs in.B . When Splunk is restarted.C . When adding a new search peer.D . When a distributed search is initiated.View AnswerAnswer: D Explanation: "The search head replicates the knowledge bundle periodically in the background or when initiating...