Splunk SPLK-1003 Exam Practice Test Instant Access

Question 1

When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?

AApp Class

BClient Class

CServer Class

DForwarder Class

Answer : C

<https://docs.splunk.com/Documentation/Splunk/8.0.6/Updating/Deploymentserverarchitecture>

https://docs.splunk.com/Splexicon:Serverclass

Question 2

Which of the following is a valid distributed search group?

A[distributedSearch:Paris] default = false servers = server1, server2

B[searchGroup:Paris] default = false servers = server1:8089, server2:8089

C[searchGroup:Paris] default = false servers = server1:9997, server2:9997

D[distributedSearch:Paris] default = false servers = server1:8089; server2:8089

Answer : D

https://docs.splunk.com/Documentation/Splunk/9.0.0/DistSearch/Distributedsearchgroups

Question 3

Which of the following are supported configuration methods to add inputs on a forwarder? (select all that apply)

ACLI

BEdit inputs . conf

CEdit forwarder.conf

DForwarder Management

Answer : A, B, D

https://docs.splunk.com/Documentation/Forwarder/8.2.1/Forwarder/HowtoforwarddatatoSplunkEnterprise

'You can collect data on the universal forwarder using several methods. Define inputs on the universal forwarder with the CLI. You can use the CLI to define inputs on the universal forwarder. After you define the inputs, the universal forwarder collects data based on those definitions as long as it has access to the data that you want to monitor. Define inputs on the universal forwarder with configuration files. If the input you want to configure does not have a CLI argument for it, you can configure inputs with configuration files. Create an inputs.conf file in the directory, $SPLUNK_HOME/etc/system/local

Question 4

Which of the following applies only to Splunk index data integrity check?

ALookup table

BSummary Index

CRaw data in the index

DData model acceleration

Answer : C

Question 5

Which Splunk forwarder type allows parsing of data before forwarding to an indexer?

AUniversal forwarder

BParsing forwarder

CHeavy forwarder

DAdvanced forwarder

Answer : C

Question 6

If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component

would the fishbucket need to be reset in order to reindex the data?

AIndexer

BForwarder

CSearch head

DDeployment server

Answer : A

https://www.splunk.com/en_us/blog/tips-and-tricks/what-is-this-fishbucket-thing.html

'Every Splunk instance has a fishbucket index, except the lightest of hand-tuned lightweight forwarders, and if you index a lot of files it can get quite large. As any other index, you can change the retention policy to control the size via indexes.conf'

Reference https://community.splunk.com/t5/Archive/How-to-reindex-data-from-a-forwarder/td-p/93310

Question 7

What are the minimum required settings when creating a network input in Splunk?

AProtocol, port number

BProtocol, port, location

CProtocol, username, port

DProtocol, IP. port number

Answer : A

https://docs.splunk.com/Documentation/Splunk/8.0.5/Admin/Inputsconf

[tcp://<remote server>:]

*Configures the input to listen on a specific TCP network port.

*If a <remote server> makes a connection to this instance, the input uses this stanza to configure itself.

*If you do not specify <remote server>, this stanza matches all connections on the specified port.

*Generates events with source set to 'tcp:', for example: tcp:514

*If you do not specify a sourcetype, generates events with sourcetype set to 'tcp-raw'

Splunk Enterprise Certified Admin SPLK-1003 Exam Practice Test