SPLK-1003 | The Refresh Guide To SPLK-1003 Exam Topics

We provide guaranteed Splunk SPLK-1003 exam questions, which are the best for clearing the SPLK-1003 test and getting certified as a Splunk Enterprise Certified Admin. The SPLK-1003 Questions & Answers cover all the knowledge points of the real SPLK-1003 exam. Crack your Splunk SPLK-1003 exam with the latest dumps, guaranteed!


NEW QUESTION 1
When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?

  • A. Slash notation
  • B. Regular expression
  • C. Irregular expression
  • D. Wildcard-only expression

Answer: B

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Filterclients

NEW QUESTION 2
Which of the following are required when defining an index in indexes.conf? (Select all that apply.)

  • A. coldPath
  • B. homePath
  • C. frozenPath
  • D. thawedPath

Answer: D

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Indexesconf#PER_INDEX_OPTIONS

NEW QUESTION 3
How does the Monitoring Console monitor forwarders?

  • A. By pulling internal logs from forwarders.
  • B. By using the forwarder monitoring add-on.
  • C. With internal logs forwarded by forwarders.
  • D. With internal logs forwarded by deployment server.

Answer: A

NEW QUESTION 4
Which layers are involved in Splunk configuration file layering? (Select all that apply.)

  • A. App context
  • B. User context
  • C. Global context
  • D. Forwarder context

Answer: AC

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Wheretofindtheconfigurationfiles

NEW QUESTION 5
During search time, which directory of configuration files has the highest precedence?

  • A. $SPLUNK_HOME/etc/system/local
  • B. $SPLUNK_HOME/etc/system/default
  • C. $SPLUNK_HOME/etc/apps/app1/local
  • D. $SPLUNK_HOME/etc/users/admin/local

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles

NEW QUESTION 6
In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?

  • A. To ensure that hot buckets are still open for writers and have not been forced to roll to a cold state.
  • B. To ensure that configuration files have not been tampered with for auditing and/or legal purposes.
  • C. To ensure that user passwords have not been tampered with for auditing and/or legal purposes.
  • D. To ensure that data has not been tampered with for auditing and/or legal purposes.

Answer: D

Explanation:
Reference: https://www.splunk.com/blog/2015/10/28/data-integrity-is-back-baby.html

NEW QUESTION 7
In which phase of the index time process does the license metering occur?

  • A. Input phase
  • B. Parsing phase
  • C. Indexing phase
  • D. Licensing phase

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/HowSplunklicensingworks

NEW QUESTION 8
Which Splunk component requires a Forwarder license?

  • A. Search head
  • B. Heavy forwarder
  • C. Heaviest forwarder
  • D. Universal forwarder

Answer: B

Explanation:
Reference: https://answers.splunk.com/answers/70017/heavy-forwarder-costs-and-licenses.html

NEW QUESTION 9
Which valid bucket types are searchable? (Select all that apply.)

  • A. Hot buckets
  • B. Cold buckets
  • C. Warm buckets
  • D. Frozen buckets

Answer: ABC

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/HowSplunkstoresindexes

NEW QUESTION 10
Which Splunk component does a search head primarily communicate with?

  • A. Indexer
  • B. Forwarder
  • C. Cluster master
  • D. Deployment server

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/InheritedDeployment/Deploymenttopology

NEW QUESTION 11
Which Splunk component consolidates the individual results and prepares reports in a distributed environment?

  • A. Indexers
  • B. Forwarder
  • C. Search head
  • D. Search peers

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Advancedindexingstrategy

NEW QUESTION 12
Which of the following is a valid distributed search group?

  • A. [distributedSearch:Paris] default = false servers = server1, server2
  • B. [searchGroup:Paris] default = false servers = server1:8089, server2:8089
  • C. [searchGroup:Paris] default = false servers = server1:9997, server2:9997
  • D. [distributedSearch:Paris] default = false servers = server1:8089; server2:8089

Answer: D

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/Distributedsearchgroups

NEW QUESTION 13
How often does Splunk recheck the LDAP server?

  • A. Every 5 minutes.
  • B. Each time a user logs in.
  • C. Each time Splunk is restarted.
  • D. Varies based on LDAP_refresh setting.

Answer: D

Explanation:
Reference: http://docshare02.docshare.tips/files/22651/226514302.pdf

NEW QUESTION 14
To set up a network input in Splunk, what needs to be specified?

  • A. File path.
  • B. Username and password.
  • C. Network protocol and port number.
  • D. Network protocol and MAC address.

Answer: A

Explanation:
Reference: http://dev.splunk.com/view/dev-guide/SP-CAAAE3A

NEW QUESTION 15
When running the command shown below, what is the default path in which deploymentserver.conf is created?
splunk set deploy-poll deployServer:port

  • A. SPLUNK_HOME/etc/deployment
  • B. SPLUNK_HOME/etc/system/local
  • C. SPLUNK_HOME/etc/system/default
  • D. SPLUNK_HOME/etc/apps/deployment

Answer: B

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Configuredeploymentclients

NEW QUESTION 16
What options are available when creating custom roles? (Select all that apply.)

  • A. Restrict search terms.
  • B. Whitelist search terms.
  • C. Limit the number of concurrent search jobs.
  • D. Allow or restrict indexes that can be searched.

Answer: AD

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/Aboutusersandroles

NEW QUESTION 17
Which Splunk forwarder type allows parsing of data before forwarding to an indexer?

  • A. Universal forwarder
  • B. Parsing forwarder
  • C. Heavy forwarder
  • D. Advanced forwarder

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/SplunkCloud/7.2.6/Forwarding/Typesofforwarders

NEW QUESTION 18
What are the required stanza attributes when configuring the transforms.conf to manipulate or remove events?

  • A. REGEX, DEST, FORMAT
  • B. REGEX, SRC_KEY, FORMAT
  • C. REGEX, DEST_KEY, FORMAT
  • D. REGEX, DEST_KEY, FORMATTING

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Transformsconf

NEW QUESTION 19
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?

  • A. App Class
  • B. Client Class
  • C. Server Class
  • D. Forwarder Class

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Createdeploymentapps

NEW QUESTION 20
Which of the following are methods for adding inputs in Splunk? (Select all that apply.)

  • A. CLI
  • B. Splunk Web
  • C. Editing inputs.conf
  • D. Editing monitor.conf

Answer: AB

Explanation:
Reference: http://dev.splunk.com/view/dev-guide/SP-CAAAE3A

NEW QUESTION 21
Which Splunk component performs indexing and responds to search requests from the search head?

  • A. Forwarder
  • B. Search peer
  • C. License master
  • D. Search head cluster

Answer: B

Explanation:
Reference: https://www.edureka.co/blog/splunk-architecture/

NEW QUESTION 22
What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?

  • A. Disk
  • B. CPUs
  • C. Memory
  • D. Network interface cards

Answer: B

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/SHCarchitecture

NEW QUESTION 23
Which of the following authentication types requires scripting in Splunk?

  • A. ADFS
  • B. LDAP
  • C. SAML
  • D. RADIUS

Answer: D

Explanation:
Reference: https://answers.splunk.com/answers/131127/scripted-authentication.html

NEW QUESTION 24
Which authentication methods are natively supported within Splunk Enterprise? (Select all that apply.)

  • A. LDAP
  • B. SAML
  • C. RADIUS
  • D. Duo Multifactor Authentication

Answer: AD

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/SetupuserauthenticationwithSplunk
