Splunk Administrator Exam Practice questions and answers 2023/2024
1 view 0 purchase
Course
Splunk
Institution
Splunk
Splunk Administrator Exam Practice questions and answers 2023/2024
Which installer would you use to install a search head?
A. Splunk Enterprise
B. Universal Forwarder
C. Splunk Light Forwarder
A
When you install Splunk on Windows, you're required to configure if Splunk starts on system bo...
splunk administrator exam practice questions and answers 20232024 which installer would you use to install a search head a splunk enterprise b universal forwarder c splunk light forwarder a whe
Written for
Splunk
All documents for this subject (359)
Seller
Follow
LECTMAGGY
Reviews received
Content preview
Splunk Administrator Exam Practice questions and
answers 2023/2024
Which installer would you use to install a search head?
A. Splunk Enterprise
B. Universal Forwarder
C. Splunk Light Forwarder
A
When you install Splunk on Windows, you're required to configure if Splunk
starts on system boot.
True or False?
False, this is only required for Linux installations
The default Splunk Web port is set to 8000.
True or False?
True
Splunk provides separate licenses for metrics and events data.
True or False?
False, metrics data draws from the same license quota as event data
Search Heads also need an Enterprise License (or set as a slave to a License
Master with an Enterprise License) even though you have not configured any
inputs.
True or False?
True
If the indexing exceeds the daily license quota in a pool, your license will go into
a violation.
True or False?
False, if the indexing exceeds the allocated daily quota in a pool, an alert is raised. If it
is not fixed by midnight then the alert turns into a warning.
5 or more warnings on an enforced Enterprise license or 3 warnings on a Free
license (in a rolling 30-day period), results in a violation.
True or False?
True
Write permissions to an App means the user's role is able to modify the App.
True or False?
False, the user's role with write permissions can only manipulate knowledge objects
used in the App.
,Universal forwarders don't have a web interface, but they can still benefit from an
app.
True or False?
True
Which configuration file tells a Splunk instance to ingest data?
A. transforms.conf
B. props.conf
C. outputs.conf
D. inputs.conf
D
When Splunk starts, configuration files are merged together into a single run time
model for each file type.
True or False?
True
btool shows on-disk configurations for a requested file.
True or False?
True
By default, Splunk automatically sets the frozen path when you create an index.
True or False?
False, frozen path is not set by default. Data is set to delete by default.
When hot buckets roll to warm, they go to a different directory.
True or False?
False, hot and warm buckets stay in the same directory. When hot buckets roll to warm,
they are renamed.
_introspection index tracks system performance and Splunk resource usage
data.
True or False?
True
Frozen buckets roll to Thawed automatically.
True or False?
False, to thaw a frozen bucket, you have to start by copying the bucket directory from
the frozen directory to the index's thaweddb directory
When creating an index from the web, it creates a stanza in inputs.conf.
True or False?
False, it creates a stanza in indexes.conf
When running splunk clean, you can set a date range for the events you want to
delete.
,True or False?
False, there is no option to set a date range with the splunk clean command
If you are installing a search head and an indexer, Splunk requires an admin
account on each instance.
True or False?
True
If you want a role that is "like" the user role, but with some capabilities turned off,
you can create a new role that inherits from the user role, then remove some
capabilities.
True or False?
False, you have to create a new role, since you cannot turn off capabilities when
inheriting from a user.
You can unlock a user from the command line.
True or False?
True
You have to configure a separate receiving port on the indexer for each universal
forwarder.
True or False?
False, you're not required to create a separate port for each universal forwarder. You
can just use 9997 or whatever port you specify.
When a Universal Forwarder is installed on Windows, the instance provides a
GUI.
True or False?
False, Universal Forwarders do not have a GUI on Windows or any other OS.
This command will create stanza(s) in which file?
splunk add forward-server indexer:recieving-port
A. props.conf
B. outputs.conf
C. inputs.conf
D. indexes.conf
B
Knowledge bundles contain the knowledge objects required by the indexers for
searching.
True or False?
True
A quarantined search peer is prevented from performing new searches but
continues to attempt to service any currently running search.
, True or False?
True
When adding a Search Peer (Search Head), you have to enter a
username/password of an account on the search peer, and the account must
have the edit_roles capability.
True or False?
False, the account must have edit_user capability.
Search Head Clustering and Indexer clustering are the only two types of
clustering provided by Splunk.
True or False?
True
Which of the following are true about splunkd:
(Select all that apply)
A. Runs on port 8089 using SSL
B. Spawns and controls Splunk child processes
C. Accesses, processes, and indexes incoming data
D. Handles all search requests and returns results
E. All of the above
E
Monitoring Console (MC) can be used by the user and power user roles.
True or False?
False, only admin role can use MC
MC runs un-configured in standalone mode by default.
True or False?
True
The Monitoring Console does not come with preconfigured health checks.
True or False?
False, MC does come with preconfigured health checks
Health checks can be disabled, modified, created and exported.
True or False?
True
Splunk Enterprise versions 6.5+ provides warnings, but does not disable
searching during the violation period.
True or False?
True
What counts against your daily license quota?
(Select all that apply)
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller LECTMAGGY. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.