Within props.conf, which stanzas are valid for data modification? (select all that apply)
A. Host
B. Server
C. Source
D. Sourcetype - ANSWER: ACD
The universal forwarder has which capabilities when sending data?
A. Sending alerts
B. Compressing Data
C. Obfuscating/hiding data
D. Indexer acknowledgement - ANSWER: BD
When running the command shown below, what is the default path in which deployment server.conf is created?
splunk set deploy-poll deployServer:port
A. SPLUNK_HOME/etc/deployment
B. SPLUNK_HOME/etc/system/local
C. SPLUNK_HOME/etc/system/default
D. SPLUNK_HOME/etc/apps/deployment - ANSWER: B
What type of data is counted against the Enterprise license at a fixed 150 bytes per event?
A. License data
B. Metrics data
C. Internal Splunk data
D. Internal Windows logs - ANSWER: B
In case of a conflict between whitelist and blacklist input settings, which one is used?
A. Blacklist
B. Whitelist
C. They cancel each other out
D. Whichever is entered into the configuration first - ANSWER: A
Where are license files stored?
A. $SPLUNK_HOME/etc/secure
B. $SPLUNK_HOME/etc/system
C. $SPLUNK_HOME/etc/licenses
D. $SPLUNK_HOME/etc/apps/licenses - ANSWER: C
In this source definition the MAX_TIMESTAMP_LOOKAHEAD is missing. Which value would fit best?
[sshd_syslog]
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N %z
LINE_BREAKER = ([\r\n]+)\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
SHOULD_LINEMERGE = false
TRUNCATE = 0
A. MAX_TIMESTAMP_LOOKAHEAD = 5
B. MAX_TIMESTAMP_LOOKAHEAD = 10
C. MAX_TIMESTAMP_LOOKAHEAD = 20
D. MAX_TIMESTAMP_LOOKAHEAD = 30 - ANSWER: D
Which forwarder type can parse data prior to forwarding?
A. Universal Forwarder
B. Heaviest forwarder
C. Hyper forwarder
D. Heavy forwarder - ANSWER: D
Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?
A. Any OS platform
B. Linux platform only
C. Windows platform only
D. None of the above - ANSWER: A
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?
A. App Class
B. Client Class
C. Server Class
D. Forwarder Class - ANSWER: C
Which of the following statements apply to directory inputs? (Select all that apply)
A. All discovered text files are consumed
B. Compressed files are ignored by default
C. Splunk recursively traverses through the directory structure
D. When adding new log files to a monitored directory, the forwarder must be restarted to take them into account. - ANSWER: AC
For single-line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?
A. True
B. False
C.
D. Newline Character - ANSWER: B
In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?
A. To ensure that hot buckets are still open for writes and have not been forced to roll to a cold state
B. To ensure that configuration files have not been tampered with for auditing and/or legal purposes
C. To ensure that user passwords have not been tampered with for auditing and/or legal purposes
D. To ensure that data has not been tampered with for auditing and/or legal purposes - ANSWER: D
Which valid bucket types are searchable? (select all that apply)
A. Hot buckets
B. Cold buckets
C. Warm buckets
D. Frozen buckets - ANSWER: ABC
Which option accurately describes the purpose of the HTTP Event Collector (HEC)?
A. A token-based HTTP input that is secure and scalable and that requires the use of forwarders
B. A token-based HTTP input that is secure and scalable and that does not require the use of forwarders
C. An agent-based HTTP input that is secure and scalable and that does not require the use of forwarders.
D. A token-based HTTP input that is insecure and non-scalable and that does not require the use of forwarders. - ANSWER: B
User role inheritance allows what to be inherited from the parent role? (select all that apply)
A. Parents
B. Capabilities
C. Index access
D. Search history - ANSWER: BC
What are the minimum required settings when creating a network input in Splunk?
A. Protocol, port number
B. Protocol, port, location
C. Protocol, username, port
D. Protocol, IP, port number - ANSWER: A
You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list --debug. What will the output be?
A. List of all the configurations on-disk that Splunk contains.
B. A verbose list of all configurations as they were when splunkd started.
C. A list of props.conf configurations as they are on-disk along with a file path from which the configuration is located
D. A list of the current running props.conf configurations along with a file path from which the configurations were made - ANSWER: C
Which of the following are supported options when configuring optional network inputs?
A. Metadata override, sender filtering options, network inputs queues (Quantum queues)
B. Metadata override, sender filtering options, network input queues (memory/persistent queues)
C. Filename override, sender filtering options, network output queues (memory/persistent queues)
D. Metadata override, receiver filtering options, network input queues (memory/persistent queues) - ANSWER: B
Which Splunk forwarder type allows parsing of data before forwarding to an indexer?
A. Universal Forwarder
B. Parsing forwarder
C. Heavy forwarder
D. Advanced Forwarder - ANSWER: C