Splunk SPLK-1003 Exam Practice Test Instant Access

Question 1

Which of the following are reasons to create separate indexes? (Choose all that apply.)

ADifferent retention times.

BIncrease number of users.

CRestrict user permissions.

DFile organization.

Answer : A, D

Question 2

In this example, if useACK is set to true and the maxQueueSize is set to 7MB, what is the size of the wait queue on this universal forwarder?

A21MB

B28MB

C14MB

D7MB

Answer : A

Question 3

Which setting allows the configuration of Splunk to allow events to span over more than one line?

ASHOULD_LINEMERGE = true

BBREAK_ONLY_BEFORE_DATE = true

CBREAK_ONLY_BEFORE = <REGEX pattern>

DSHOULD_LINEMERGE = false

Answer : C

Question 4

Consider the following stanza in inputs.conf:

What will the value of the source filed be for events generated by this scripts input?

A/opt/splunk/ecc/apps/search/bin/liscer.sh

Bunknown

Cliscer

Dliscer.sh

Answer : A

Question 5

What happens when the same username exists in Splunk as well as through LDAP?

ASplunk user is automatically deleted from authentication.conf.

BLDAP settings take precedence.

CSplunk settings take precedence.

DLDAP user is automatically deleted from authentication.conf

Answer : C

Question 6

After automatic load balancing is enabled on a forwarder, the time interval for switching indexers can be updated by using which of the following attributes?

AchannelTTL

BconnectionTimeout

CautoLBFrequency

DsecsInFailurelnterval

Answer : C

Question 7

The LINE_BREAKER attribute is configured in which configuration file?

Aprops.conf

Bindexes.conf

Cinpucs.conf

Dtransforms.conf

Answer : A

Splunk SPLK-1003 Splunk Enterprise Certified Admin Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7