Splunk SPLK-1003 Exam Questions Instant Access

Question 1

Which of the following statements describe deployment management? (select all that apply)

ARequires an Enterprise license

BIs responsible for sending apps to forwarders.

COnce used, is the only way to manage forwarders

DCan automatically restart the host OS running the forwarder.

Answer : A, B

Question 2

In this source definition the MAX_TIMESTAMP_LOOKHEAD is missing. Which value would fit best?

Event example:

AMAX_TIMESTAMP_L0CKAHEAD = 5

BMAX_TIMESTAMP_LOOKAHEAD - 10

CMAX_TIMESTAMF_LOOKHEAD = 20

DMAX TIMESTAMP LOOKAHEAD - 30

Answer : D

Question 3

The priority of layered Splunk configuration files depends on the file's:

AOwner

BWeight

CContext

DCreation time

Answer : C

Question 4

Which of the following statements describes how distributed search works?

AForwarders pull data from the search peers.

BSearch heads store a portion of the searchable data.

CThe search head dispatches searches to the search peers.

DSearch results are replicated within the indexer cluster.

Answer : C

Question 5

The following stanzas in inputs. conf are currently being used by a deployment client:

[udp: //145.175.118.177:1001

Connection_host = dns

sourcetype = syslog

Which of the following statements is true of data that is received via this input?

AIf Splunk is restarted, data will be queued and then sent when Splunk has restarted.

BLocal firewall ports do not need to be opened on the deployment client since the port is defined in inputs.conf.

CThe host value associated with data received will be the IP address that sent the data.

DIf Splunk is restarted, data may be lost.

Answer : D

Question 6

Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)

Ainputs.conf

Bmonitor.conf

Coutputs.conf

Dforwarder.conf

Answer : A, C

Question 7

A Universal Forwarder is monitoring a very active syslog stream and as a result is unable to switch between destinations. How would an admin safely remediate this issue?

AConfigure and enable the LINE_BREAKER on the forwarder.

BConfigure useAck on the forwarder.

CConfigure forceTimebasedAutoLB on the forwarder.

DConfigure and enable the FVFNT BREAKER on the forwarder.

Answer : C

Splunk Enterprise Certified Admin SPLK-1003 Exam Questions