SPLK-1003 - System Admin Exam 2023, Complete Verified Solution
Which of the following configuration files are used with a universal forwarder?
(Choose all that apply.)
A. forwarder.conf
B. outputs.conf
C. monitor.conf
D. inputs.conf
B. outputs.conf
D. inputs.conf
Which setting in indexes.conf allows data retention to be controlled by time?
A. frozenTimePeriodInSecs
B. maxDaysToKeep
C. maxDataRetentionTime
D. moveToFrozenAfter
A. frozenTimePeriodInSecs
The universal forwarder has which capabilities when sending data? (Choose all
that apply.)
A. Obfuscating/hiding data
B. Indexer acknowledgement
C. Compressing data
D. Sending alerts
B. Indexer acknowledgement
In case of a conflict between a whitelist and a blacklist input setting, which one is
used?
A. Whichever is entered into the configuration first.
B. Whitelist
C. They cancel each other out.
D. Blacklist
D. Blacklist
In which Splunk configuration is the SEDCMD used?
A. inputs.conf
B. transforms.conf
C. props.conf
D. indexes.conf
C. props.conf
Which of the following are supported configuration methods to add inputs on a
forwarder? (Choose all that apply.)
A. Edit forwarder.conf
B. Forwarder Management
C. Edit inputs.conf
D. CLI
C. Edit inputs.conf
D. CLI
Which forwarder type can parse data prior to forwarding?
A. Universal forwarder
B. Hyper forwarder
C. Heavy forwarder
D. Heaviest forwarder
C. Heavy forwarder
Which parent directory contains the configuration files in Splunk?
A. $SPLUNK_HOME/etc
B. $SPLUNK_HOME/var
C. $SPLUNK_HOME/conf
D. $SPLUNK_HOME/default
A. $SPLUNK_HOME/etc
Which Splunk component consolidates the individual results and prepares
reports in a distributed environment?
A. Indexers
B. Forwarder
C. Search Head
D. Search Peers
C. Search Head
Where should apps be located on the deployment server that the clients pull
from:
A. SPLUNK_HOME/deployment-apps
B. SPLUNK_HOME/etc/apps
C. SPLUNK_HOME/master-apps
D. SPLUNK_HOME/etc/search
A. SPLUNK_HOME/deployment-apps
Which Splunk component distributes apps and certain other configuration
updates to search head cluster members?
A. Cluster Master
B. Search head cluster master
C. Deployment Server
D. Deployer
A. Deployer
This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a
deployment server and deploys the same app with a new inputs.conf
file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?
A. /var/log/messages
B. /var/log/maillog
C. /var/log/maillog and /var/log/messages
D. none of the above
B. /var/log/maillog
In which phase of the index time process does the license metering occur?
A. Input phase
B. Parsing phase
C. Indexing phase
D. Licensing phase
C. Indexing phase
You update a props.conf file while Splunk is running. You do not restart Splunk
and you run this command: splunk btool props list --debug. What
will the output be?
A. A list of props.conf configurations as they are on-disk along with a file path
from which the configuration is located.
B. A verbose list of all configurations as they were when splunkd started.
C. A list of the current running props.conf configurations along with a file path
from which the configuration was made.
D. A list of all the configurations on-disk that Splunk contains.
A. A list of props.conf configurations as they are on-disk along with a file path from
which the configuration is located.
When running the command shown below, what is the default path in which
deploymentserver.conf is created? splunk set deploy-poll
deployserver:port
A. SPLUNK_HOME/etc/deployment
B. SPLUNK_HOME/etc/system/local
C.t
B. SPLUNK_HOME/etc/system/local
The priority of layered Splunk configuration files depends on the file's:
A. Creation time
B. Context
C. Owner
D. Weight
B. Context
When configuring monitor inputs with whitelists or blacklists, what is the
supported method of filtering the lists?
A. Slash notation
B. Regular expression
C. Irregular expression
D. Wildcard-only expression
B. Regular expression