[Q64-Q85] Certification Training for SPLK-1003 Exam Dumps Test Engine [2021]


Sep 12, 2021 Step by Step Guide to Prepare for SPLK-1003 Exam

NEW QUESTION 64
Which feature of Splunk's role configuration can be used to aggregate multiple roles intended for groups of users?

  • A. Role inheritance
  • B. Role federation
  • C. Linked roles
  • D. Grantable roles

Answer: A

 

NEW QUESTION 65
What are the required stanza attributes when configuring transforms.conf to manipulate or remove events?

  • A. REGEX, DEST, FORMAT
  • B. REGEX, SRC_KEY, FORMAT
  • C. REGEX, DEST_KEY, FORMATTING
  • D. REGEX, DEST_KEY, FORMAT

Answer: A

 

NEW QUESTION 66
Within props.conf, which stanzas are valid for data modification? (select all that apply)

  • A. Host
  • B. Server
  • C. Source
  • D. Sourcetype

Answer: D

 

NEW QUESTION 67
Which option accurately describes the purpose of the HTTP Event Collector (HEC)?

  • A. A token-based HTTP input that is secure and scalable and that requires the use of forwarders.
  • B. A token-based HTTP input that is secure and scalable and that does not require the use of forwarders.
  • C. A token-based HTTP input that is insecure and non-scalable and that does not require the use of forwarders.
  • D. An agent-based HTTP input that is secure and scalable and that does not require the use of forwarders.

Answer: B

Explanation:
Explanation/Reference: http://dev.splunk.com/view/event-collector/SP-CAAAE6M

 

NEW QUESTION 68
The universal forwarder has which capabilities when sending data? (select all that apply)

  • A. Compressing data
  • B. Obfuscating/hiding data
  • C. Indexer acknowledgement
  • D. Sending alerts

Answer: C

 

NEW QUESTION 69
Which of the following are supported configuration methods to add inputs on a forwarder? (select all that apply)

  • A. Edit forwarder.conf
  • B. CLI
  • C. Edit inputs.conf
  • D. Forwarder Management

Answer: C,D

 

NEW QUESTION 70
What options are available when creating custom roles? (select all that apply)

  • A. Restrict search terms
  • B. Limit the number of concurrent search jobs
  • C. Allow or restrict indexes that can be searched.
  • D. Whitelist search terms

Answer: A,B,C

 

NEW QUESTION 71
Where are license files stored?

  • A. $SPLUNK_HOME/etc/secure
  • B. $SPLUNK_HOME/etc/licenses
  • C. $SPLUNK_HOME/etc/apps/licenses
  • D. $SPLUNK_HOME/etc/system

Answer: B

Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/LicenserCLIcommands

 

NEW QUESTION 72
How do you remove missing forwarders from the Monitoring Console?

  • A. By reloading the deployment server.
  • B. By rebuilding the forwarder asset table.
  • C. By rescanning active forwarders.
  • D. By restarting Splunk.

Answer: B

Explanation:
Explanation/Reference: https://answers.splunk.com/answers/447096/how-to-remove-missing-forwarders-from-the-distribu.html

 

NEW QUESTION 73
Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?

  • A. _TCP_ROUTING
  • B. _INDEXER_LIST
  • C. _INDEXER_GROUP
  • D. _INDEXER_ROUTING

Answer: A

 

NEW QUESTION 74
Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as follows: 123-44-5678.
Which configuration file and stanza pair will mask possible SSNs in the log events?

  • A. transforms.conf
    [mask-SSN]
    REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
    FORMAT = $1<SSN>###-##-$2
    DEST_KEY = _raw
  • B. transforms.conf
    [mask-SSN]
    REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
    FORMAT = $1<SSN>###-##-$2
    DEST_KEY = _raw
  • C. props.conf
    [mask-SSN]
    REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
    FORMAT = $1<SSN>###-##-$2
    KEY = _raw
  • D. props.conf
    [mask-SSN]
    REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
    FORMAT = $1<SSN>###-##-$2
    DEST_KEY = _raw

Answer: D

 

NEW QUESTION 75
Within props.conf, which stanzas are valid for data modification? (select all that apply)

  • A. Server
  • B. Source
  • C. Host
  • D. Sourcetype

Answer: B,C,D

 

NEW QUESTION 76
Which Splunk component requires a Forwarder license?

  • A. Heaviest forwarder
  • B. Search head
  • C. Heavy forwarder
  • D. Universal forwarder

Answer: C

Explanation:
Explanation/Reference: https://answers.splunk.com/answers/70017/heavy-forwarder-costs-and-licenses.html

 

NEW QUESTION 77
Which feature in Splunk allows Event Breaking, Timestamp extractions, and any advanced configurations found in props.conf to be validated all through the UI?

  • A. Data preview
  • B. Search
  • C. Apps
  • D. Forwarder inputs

Answer: B


 

NEW QUESTION 78
In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?

  • A. To ensure that configuration files have not been tampered with for auditing and/or legal purposes
  • B. To ensure that hot buckets are still open for writes and have not been forced to roll to a cold state
  • C. To ensure that user passwords have not been tampered with for auditing and/or legal purposes.
  • D. To ensure that data has not been tampered with for auditing and/or legal purposes

Answer: D

 

NEW QUESTION 79
After how many warnings within a rolling 30-day period will a license violation occur with an enforced Enterprise license?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: C

 

NEW QUESTION 80
Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)

  • A. rawdata.conf
  • B. transforms.conf
  • C. props.conf
  • D. inputs.conf

Answer: C

Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/Data/Configuretimestamprecognition

 

NEW QUESTION 81
What is the correct order of steps in Duo Multifactor Authentication?

  • A. 1. Request Login
    2. Connect to SAML server
    3. Duo MFA
    4. Create User session
    5. Authentication Granted
    6. Log into Splunk
  • B. 1. Request Login
    2. Check authentication / group mapping
    3. Authentication Granted
    4. Duo MFA
    5. Create User session
    6. Log into Splunk
  • C. 1. Request Login
    2. Duo MFA
    3. Check authentication / group mapping
    4. Create User session
    5. Authentication Granted
    6. Log into Splunk
  • D. 1. Request Login
    2. Duo MFA
    3. Authentication Granted
    4. Connect to SAML server
    5. Log into Splunk
    6. Create User session

Answer: B

 

NEW QUESTION 82
Which of the following are required when defining an index in indexes.conf? (Choose all that apply.)

  • A. homePath
  • B. thawedPath
  • C. frozenPath
  • D. coldPath

Answer: A,B,D

Explanation:
Explanation/Reference: https://answers.splunk.com/answers/558653/indexesconf-and-volume-settings.html

 

NEW QUESTION 83
What are the required stanza attributes when configuring transforms.conf to manipulate or remove events?

  • A. REGEX, SRC_KEY, FORMAT
  • B. REGEX, DEST_KEY, FORMATTING
  • C. REGEX, DEST, FORMAT
  • D. REGEX, DEST_KEY, FORMAT

Answer: D

Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Transformsconf

 

NEW QUESTION 84
Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?

  • A. _TCP_ROUTING
  • B. _INDEXER_LIST
  • C. _INDEXER_GROUP
  • D. _INDEXER_ROUTING

Answer: A

Explanation:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Monitorfilesanddirectorieswithinputs.conf

 

NEW QUESTION 85
......
