Download Splunk Enterprise Certified Admin.SPLK-1003.TestInside.2019-09-17.36q.vcex
| Vendor: | Splunk |
| Exam Code: | SPLK-1003 |
| Exam Name: | Splunk Enterprise Certified Admin |
| Date: | Sep 17, 2019 |
| File Size: | 22 KB |
| Downloads: | 2 |
How to open VCEX files?
Files with VCEX extension can be opened by ProfExam Simulator.
Discount: 20%
Demo Questions
Question 1
Which setting in indexes.conf allows data retention to be controlled by time?
- maxDaysToKeep
- moveToFrozenAfter
- maxDataRetentionTime
- frozenTimePeriodInSecs
Correct answer: D
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/SmartStoredataretention Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/SmartStoredataretention
Question 2
The universal forwarder has which capabilities when sending data? (Select all that apply.)
- Sending alerts
- Compressing data
- Obfuscating/hiding data
- Indexer acknowledgement
Correct answer: D
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Forwarding/Typesofforwarders Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Forwarding/Typesofforwarders
Question 3
In which Splunk configuration is the SEDCMD used?
- props.conf
- inputs.conf
- indexes.conf
- transforms.conf
Correct answer: A
Explanation:
Reference: https://answers.splunk.com/answers/212128/why-sedcmd-configured-in-propsconf-is-working-duri.html Reference: https://answers.splunk.com/answers/212128/why-sedcmd-configured-in-propsconf-is-working-duri.html
Question 4
Which of the following are supported configuration methods to add inputs on a forwarder? (Select all that apply.)
- CLI
- Edit inputs.conf
- Edit forwarder.conf
- Forwarder Management
Correct answer: B
Explanation:
Reference: https://docs.splunk.com/Documentation/Forwarder/7.3.1/Forwarder/Configuretheuniversalforwarder Reference: https://docs.splunk.com/Documentation/Forwarder/7.3.1/Forwarder/Configuretheuniversalforwarder
Question 5
Which parent directory contains the configuration files in Splunk?
- $SPLUNK_HOME/etc
- $SPLUNK_HOME/var
- $SPLUNK_HOME/conf
- $SPLUNK_HOME/default
Correct answer: A
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Configurationfiledirectories Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Configurationfiledirectories
Question 6
Which forwarder type can parse data prior to forwarding?
- Universal forwarder
- Heaviest forwarder
- Hyper forwarder
- Heavy forwarder
Correct answer: D
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Forwarding/Typesofforwarders Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Forwarding/Typesofforwarders
Question 7
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
- Deployer
- Cluster master
- Deployment server
- Search head cluster master
Correct answer: A
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/PropagateSHCconfigurationchanges Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/PropagateSHCconfigurationchanges
Question 8
This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?
- /var/log/messages
- /var/log/maillog
- /var/log/maillog and /var/log/messages
- none of the above
Correct answer: C
Question 9
In which phase of the index time process does the license metering occur?
- Input phase
- Parsing phase
- Indexing phase
- Licensing phase
Correct answer: C
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/HowSplunklicensingworks Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/HowSplunklicensingworks
Question 10
You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list –-debug. What will the output be?
- A list of all the configurations on-disk that Splunk contains.
- A verbose list of all configurations as they were when splunkd started.
- A list of props.conf configurations as they are on-disk along with a file path from which the configuration is located.
- A list of the current running props.conf configurations along with a file path from which the configuration was made.
Correct answer: D
Explanation:
Reference: https://answers.splunk.com/answers/494219/need-help-with-what-should-be-a-simple-precedence.html Reference: https://answers.splunk.com/answers/494219/need-help-with-what-should-be-a-simple-precedence.html
HOW TO OPEN VCE FILES
Use VCE Exam Simulator to open VCE files
HOW TO OPEN VCEX AND EXAM FILES
Use ProfExam Simulator to open VCEX and EXAM files
ProfExam at a 20% markdown
You have the opportunity to purchase ProfExam at a 20% reduced price
Get Now!