SPLK-1003 V1

Local user accounts created in Splunk store passwords in which file?A . $ SFLUNK_HOME/etc/passwdB . $ SFLUNK_HOME/etc/authenticationC . $ SPLUNK_HOME/etc/users/passwd.confD . $ SPLUNK HOME/etc/users/authentication.confView AnswerAnswer: A Explanation: Per the provided reference URL https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/User-seedconf "To set the default username and password, place user-seed.conf in $SPLUNK_HOME/etc/system/local. You must restart Splunk to enable...

Which additional component is required for a search head cluster?A . DeployerB . Cluster MasterC . Monitoring ConsoleD . Management ConsoleView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/DistSearch/SHCdeploymentoverview The deployer. This is a Splunk Enterprise instance that distributes apps and other configurations to the cluster members. It stands outside the cluster and...

Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?A . Any OS platformB . Linux platform onlyC . Windows platform only.D . None of the above.View AnswerAnswer: A Explanation: "The forwarder/indexer relationship can be considered platform agnostic (within the sphere of supported platforms)...

Which of the following are available input methods when adding a file input in Splunk Web? (Choose all that apply.)A . Index once.B . Monitor interval.C . On-demand monitor.D . Continuously monitor.View AnswerAnswer: AD Explanation: https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/Howdoyouwanttoadddata The fastest way to add data to your Splunk Cloud instance or Splunk Enterprise...

Where should apps be located on the deployment server that the clients pull from?A . $SFLUNK_KOME/etc/appsB . $SPLUNK_HCME/etc/sear:chC . $SPLUNK_HCME/etc/master-appsD . $SPLUNK HCME/etc/deployment-appsView AnswerAnswer: D Explanation: After an app is downloaded, it resides under $SPLUNK_HOME/etc/apps on the deployment clients. But it resided in the $SPLUNK_HOME/etc/deployment-apps location in the deployment server.

User role inheritance allows what to be inherited from the parent role? (select all that apply)A . ParentsB . CapabilitiesC . Index accessD . Search historyView AnswerAnswer: BC Explanation: https://docs.splunk.com/Documentation/Splunk/latest/Security/Aboutusersandroles#Role_inheritance https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities

What type of data is counted against the Enterprise license at a fixed 150 bytes per event?A . License dataB . MetricsdataC . Internal Splunk dataD . Internal Windows logsView AnswerAnswer: B

Which of the following enables compression for universal forwarders in outputs. conf? A) B) C) D) A . Option AB . Option BC . Option CD . Option DView AnswerAnswer: B Explanation: https://docs.splunk.com/Documentation/Splunk/latest/Admin/Outputsconf # Compression # # This example sends compressed events to the remote indexer. # NOTE: Compression can...

Within props. conf, which stanzas are valid for data modification? (select all that apply)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf "* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec

Within props. conf, which stanzas are valid for data modification? (select all that apply)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf "* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec