Exam (elaborations)
SPLUNK ADMIN QUESTIONS AND ANSWERS
- Course
- Institution
SPLUNK ADMIN QUESTIONS AND ANSWERS
[Show more]
Content preview
SPLUNK ADMIN QUESTIONS AND ANSWERSWhich installer will you use to install the Search Head?
a) Splunk Enterprise
b) Splunk Universal Forwarder - Answers-a) Splunk Enterprise
When you install Splunk on a Windows OS, you also have to configure the boot-start.
True or False - Answers-False. You only need to do that on a Linux installation. Splunk
must be manually started on *NIX until boot-start is enabled.
The default Splunk Web port is:
a) 8191
b) 8089
c) 8000
d) 8065 - Answers-c) 8000
The default splunkd port is:
a) 8191
b) 8089
c) 8000
d) 8065 - Answers-b) 8089
The default Web app-server proxy port is:
a) 8191
b) 8089
c) 8000
d) 8065 - Answers-d) 8065 is used by the python-based application server.
The default KV store port is:
a) 8191
b) 8089
c) 8000
d) 8065 - Answers-8191
What type of architecture is best for testing, POCs, personal use or learning?
a) Single-server, standalone
b) Basic
c) Distributed - Answers-a) Single-server, standalone
,What type of architecture provides the best options for scaling in a variety of ways?
a) Single-server, standalone
b) Basic
c) Distributed - Answers-c) Distributed
What type of architecture includes all features on the main Splunk server, except for
forwarders which are installed at the data source?
a) Single-server, standalone
b) Basic
c) Distributed - Answers-b) Basic
Which layer receives and stores data from forwarders, and searches data in response
to user requests?
a) Searching
b) Indexing/Parsing
c) Inputs - Answers-b) Indexing/Parsing
Which layer monitors data sources and forwards data, and is the best practice method
for data collection?
a) Searching
b) Indexing/Parsing
c) Inputs - Answers-c) Inputs
The universal forwarder requires significant resources on hosts systems in order to
ensure that no data is lost in transmission to the indexer.
True or False - Answers-False. The UF requires minimal resources and is typically
installed on the machines that produce the data.
Which layer allows users to submit queries using SPL, and consolidates and renders
visualizations of the data for users?
a) Searching
b) Indexing/Parsing
c) Inputs - Answers-a) Searching
Which of the following statements is false?
a) For input, Splunk must be able to access data sources.
b) It is best to run Splunk as a super-user, such as root on *NIX or administrator on
Windows.
c) The Splunk account needs to access scripts used for inputs and alerts.
, d) On Windows, you should use a domain account if Splunk has to connect to other
servers, otherwise use a local account that can run services.
True or False. - Answers-b) It is best to run Splunk as a super-user, such as root on
*NIX or administrator on Windows.
Which of the following statements is true?
a) It is not best-practice to use a time synchronization service such as NTP
b) Splunk services do not depend on accurate time
c) Clock skew between hosts can affect search results
d) Indexers and production servers do not need standardized time config - Answers-c)
Clock skew between hosts can affect search results
Which of the following are true statements about splunkd?
a) It spawns and controls Splunk child processes
b) It runs on port 8089 by default
c) It handles all search requests and returns results
d) It accesses, processes and indexes incoming data - Answers-All are true
What provides a browser-based front end for search and Splunk management?
a) Universal Forwarder
b) Heavy Forwarder
c) splunkd
d) Splunk Web - Answers-d) Splunk Web
Which splunk CLI command is used to display the details of a specific object?
a) splunk status
b) splunk help <object>
c) splunk show web-port
d) splunk show servername - Answers-b) splunk help <object>
How long is the Splunk Enterprise trial license valid for before one of the other 3 license
types must be activated?
a) 30 days
b) 60 days
c) 90 days
d) Indefinitely, as long as you stay under 500mb per day limit - Answers-b) 60 days
Which of the following features are disabled with the free license of Splunk?
a) 500mb/day of indexing and forwarding to other Splunk instances
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller GEEKA. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
81989 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now