Free Download SPLK-1003 Examp Dump: Splunk.SPLK-1003.TestInside.2019-09-17.36q.vcex

Question 1

Which setting in indexes.conf allows data retention to be controlled by time?

maxDaysToKeep
moveToFrozenAfter
maxDataRetentionTime
frozenTimePeriodInSecs

Correct answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/SmartStoredataretention

Question 2

The universal forwarder has which capabilities when sending data? (Select all that apply.)

Sending alerts
Compressing data
Obfuscating/hiding data
Indexer acknowledgement

Correct answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Forwarding/Typesofforwarders

Question 3

In which Splunk configuration is the SEDCMD used?

props.conf
inputs.conf
indexes.conf
transforms.conf

Correct answer: A

Explanation:

Reference: https://answers.splunk.com/answers/212128/why-sedcmd-configured-in-propsconf-is-working-duri.html

Question 4

Which of the following are supported configuration methods to add inputs on a forwarder? (Select all that apply.)

CLI
Edit inputs.conf
Edit forwarder.conf
Forwarder Management

Correct answer: B

Explanation:

Reference: https://docs.splunk.com/Documentation/Forwarder/7.3.1/Forwarder/Configuretheuniversalforwarder

Question 5

Which parent directory contains the configuration files in Splunk?

$SPLUNK_HOME/etc
$SPLUNK_HOME/var
$SPLUNK_HOME/conf
$SPLUNK_HOME/default

Correct answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Configurationfiledirectories

Question 6

Which forwarder type can parse data prior to forwarding?

Universal forwarder
Heaviest forwarder
Hyper forwarder
Heavy forwarder

Correct answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Forwarding/Typesofforwarders

Question 7

Which Splunk component distributes apps and certain other configuration updates to search head cluster members?

Deployer
Cluster master
Deployment server
Search head cluster master

Correct answer: A

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/PropagateSHCconfigurationchanges

Question 8

This file has been manually created on a universal forwarder:

/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf

[monitor:///var/log/messages]

sourcetype=syslog

index=syslog

A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:

/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf

[monitor:///var/log/maillog]

sourcetype=maillog

index=syslog

Which file is now monitored?

/var/log/messages
/var/log/maillog
/var/log/maillog and /var/log/messages
none of the above

Correct answer: C

Question 9

In which phase of the index time process does the license metering occur?

Input phase
Parsing phase
Indexing phase
Licensing phase

Correct answer: C

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/HowSplunklicensingworks

Question 10

You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list –-debug. What will the output be?

A list of all the configurations on-disk that Splunk contains.
A verbose list of all configurations as they were when splunkd started.
A list of props.conf configurations as they are on-disk along with a file path from which the configuration is located.
A list of the current running props.conf configurations along with a file path from which the configuration was made.

Correct answer: D

Explanation:

Reference: https://answers.splunk.com/answers/494219/need-help-with-what-should-be-a-simple-precedence.html

Exam	Splunk Enterprise Certified Admin
Number	SPLK-1003
File Name	Splunk.SPLK-1003.TestInside.2019-09-17.36q.vcex
Size	22 KB
Posted	Sep 17, 2019
Download	Splunk.SPLK-1003.TestInside.2019-09-17.36q.vcex

Download Splunk.SPLK-1003.TestInside.2019-09-17.36q.vcex

File Info

How to open VCEX & EXAM Files?

Demo Questions