SPLK-1003 exam

Within props. conf, which stanzas are valid for data modification? (select all that apply)A . HostB . ServerC . SourceD . SourcetypeView AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf "* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts." https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec

In case of a conflict between a whitelist and a blacklist input setting, which one is used?A . BlacklistB . WhitelistC . They cancel each other out.D . Whichever is entered into the configuration first.View AnswerAnswer: A Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.4/Data/Whitelistorblacklistspecificincomingdat a "It is not necessary to define both an allow list...

Which of the following indexes come pre-configured with Splunk Enterprise? (select all that apply)A . _licenseB . _lnternalC . _externalD . _thefishbucketView AnswerAnswer: BD Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.5/Indexer/Howindexingworks

To set up a Network input in Splunk, what needs to be specified'?A . File path.B . Username and passwordC . Network protocol and port number.D . Network protocol and MAC address.View AnswerAnswer: C Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/Monitornetworkports

Authentication Granted 6 Log into SplunkView AnswerAnswer: C Explanation: Using the provided DUO/Splunk reference URL https://duo.com/docs/splunk Scroll down to the Network Diagram section and note the following 6 similar steps 1 - SPlunk connection initiated 2 - Primary authentication 3 - Splunk connection established to Duo Security over TCP port...

Which Splunk component distributes apps and certain other configuration updates to search head cluster members?A . DeployerB . Cluster masterC . Deployment serverD . Search head cluster masterView AnswerAnswer: C Explanation: https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Updateconfigurations First line says it all: "The deployment server distributes deployment apps to clients."

Which of the following is valid distribute search group? A) B) C) D) A . option AB . Option BC . Option CD . Option DView AnswerAnswer: D

What options are available when creating custom roles? (select all that apply)A . Restrict search termsB . Whitelist search termsC . Limit the number of concurrent search jobsD . Allow or restrict indexes that can be searched.View AnswerAnswer: ACD Explanation: https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Admin/ConcurrentLimits "Set limits for concurrent scheduled searches. You must have...

During search time, which directory of configuration files has the highest precedence?A . $SFLUNK_KOME/etc/system/localB . $SPLUNK_KCME/etc/system/defaultC . $SPLUNK_HCME/etc/apps/app1/localD . $SPLUNK HCME/etc/users/admin/localView AnswerAnswer: D Explanation: Adding further clarity and quoting same Splunk reference URL from @giubal" "To keep configuration settings consistent across peer nodes, configuration files are managed from the cluster...

In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?A . To ensure that hot buckets are still open for writes and have not been forced to roll to a cold stateB . To ensure that configuration files have not been tampered with...