New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Splunk SPLK-1005 Splunk Cloud Certified Admin Exam Practice Test

Page: 1 / 8
Total 80 questions

Splunk Cloud Certified Admin Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

Which of the following tasks is the responsibility of a Splunk Cloud administrator?

Options:

A.

Configuring deployer

B.

Configuring cluster master

C.

Configuring indexers

D.

Configuring indexes

Question 2

A monitor has been created in inputs. con: for a directory that contains a mix of file types.

How would a Cloud Admin fine-tune assigned sourcetypes for different files in the directory during the input phase?

Options:

A.

On the Indexer parsing the data, leave sourcetype as automatic for the directory monitor. Then create a props.conf that assigns a specific sourcetype by source stanza.

B.

On the forwarder collecting the data, leave sourcetype as automatic for the directory monitor. Then create a props. conf that assigns a specific sourcetype by source stanza.

C.

On the Indexer parsing the data, set multiple sourcetype_source attributes for the directory monitor collecting the files. Then create a props, com that filters out unwanted files.

D.

On the forwarder collecting the data, set multiple 3ourcotype_sourc« attributes for the directory monitor collecting the files. Then create a props. conf that filters out unwanted files.

Question 3

When should Splunk Cloud Support be contacted?

Options:

A.

For scripted input troubleshooting.

B.

For all configuration changes.

C.

When unable to resolve issues or perform problem isolation.

D.

For resizing, license changes, or any purchases.

Question 4

Which of the following is a correct statement about Universal Forwarders?

Options:

A.

The Universal Forwarder must be able to contact the license master.

B.

A Universal Forwarder must connect to Splunk Cloud via a Heavy Forwarder.

C.

A Universal Forwarder can be an Intermediate Forwarder.

D.

The default output bandwidth is 500KBps.

Question 5

What is the default port for sending data via HTTP Event Collector to Splunk Cloud?

Options:

A.

443

B.

8088

C.

9997

D.

8000

Question 6

By default, which of the following capabilities are granted to the sc_admin role?

Options:

A.

indexes_edit, edit___token, admin_all_objects, delete_by_keyword

B.

indexes_edit, fsh_manage, acs_conf, list_indexesdiscovert

C.

indexes_edit, fsh_manage, admin_all_objects can_delete

D.

indexes_edit, edit_token_http, admin _all objects, edit limits_conf

Question 7

At what point in the indexing pipeline set is SEDCMD applied to data?

Options:

A.

In the aggregator queue

B.

In the parsing queue

C.

In the exec pipeline

D.

In the typing pipeline

Question 8

For the following data, what would be the correct attribute/value oair to use to successfully extract the correct timestamp from all the events?

Options:

A.

TIMK_FORMAT = %b %d %H:%M:%S %z

B.

DATETIME CONFIG = %Y-%m-%d %H:%M:%S %2

C.

TIME_FORMAT = %b %d %H:%M:%S

D.

DATETIKE CONFIG = Sb %d %H:%M:%S

Question 9

Which of the following is a valid method to test if a forwarder can successfully send data to Splunk Cloud?

Options:

A.

Search the _audit index to confirm whether the forwarder ID was registered.

B.

Use oneshot from the CLI on the forwarders, then check to see if those logs show up in the Splunk Cloud environment.

C.

On Splunk Cloud UI, click Add Data and upload a test file, then search to see if the logs show up.

D.

Ping the inputssl.example.splunkcloud.com to see if it returns the ping.

Question 10

Which of the following is a valid stanza in props. conf?

Options:

A.

[sourcetype::linux_secure]

B.

[host=nyc25]

C.

[host::nyc*]

D.

[host:nyc*]

Question 11

Consider the following configurations:

What is the value of the sourcetype property for this stanza based on Splunk's configuration file precedence?

Options:

A.

NULL, or unset, due to configuration conflict

B.

access_corabined

C.

linux aacurs

D.

linux_secure, access_combined

Question 12

Which of the following statements is true about data transformations using SEDCMD?

Options:

A.

Can only be used to mask or truncate raw data.

B.

Configured in props.conf and transform.conf.

C.

Can be used to manipulate the sourcetype per event.

D.

Operates on a REGEX pattern match of the source, sourcetype, or host of an event.

Question 13

When is data deleted from a Splunk Cloud index?

Options:

A.

When buckets roll to frozen, without a defined archive.

B.

When data is deleted via the Splunk Cloud Admin GUI.

C.

When TA_Delete is downloaded and enabled from SplunkBase.

D.

When the daleteindex command is executed from the CLI.

Question 14

In Splunk Cloud, which of the following statements regarding REST API is true?

Options:

A.

REST API and Splunk HEC are on the same port.

B.

All REST API endpoints are open and available by default.

C.

REST API is not available in Splunk Cloud.

D.

A subset of REST API endpoints are enabled for customers to manage Splunk.

Question 15

Which configuration shown is used to enable a forwarder as a deployment client of the server 10.1.2.3?

Options:

A.

[target-broker:deploymentServer] targetUri = 10.1.2.3:9997

B.

[target-broker:deploymentserver] targetUri = 10.1.2.3:8089

C.

[target-broker:deploymentserver] deploymentserver = 10.1.2.3:9997

D.

[target-broker:deploymentserver] deploymentserver = 10.1.2.3:8089

Question 16

What does the followTail attribute do in inputs.conf?

Options:

A.

Pauses a file monitor if the queue is full.

B.

Only creates a tail checkpoint of the monitored file.

C.

Ingests a file starting with new content and then reading older events.

D.

Prevents pre-existing content in a file from being ingested.

Question 17

Which of the following statements regarding apps in Splunk Cloud is true?

Options:

A.

Self-service install of premium apps is possible.

B.

Only Cloud certified and vetted apps are supported.

C.

Any app that can be deployed in an on-prem Splunk Enterprise environment is also supported on Splunk Cloud.

D.

Self-service install is available for all apps on Splunkbase.

Question 18

What is a private app?

Options:

A.

An app where only a specific role has read and write access.

B.

An app that is only viewable by a specific user.

C.

An app that is created and used only by a specific organization.

D.

An app where only a specific role has read access.

Question 19

Which of the following is not considered a best practice for the deployment server?

Options:

A.

Create small, single-purpose deployment apps.

B.

Dedicate a Splunk instance as the deployment server.

C.

Use a Linux server as the deployment server.

D.

Create large, multi-purpose deployment apps.

Question 20

Configuration folders named default contain configuration files/settings specified in the Splunk product or default settings specified in apps. Which of the following is recommended to override these settings?

Options:

A.

It does not matter whether setting overrides are placed in default or local folders. Both are equally acceptable since Splunk will merge all the files together into one runtime model after each restart.

B.

Any settings to be overridden should be modified in-place wherever the setting was found originally. For example, if overriding a setting originally found in system/default, it should be overridden there to ensure that the desired value is used by Splunk.

C.

Overrides should be placed in a folder named local, ideally within a custom Splunk app. This ensures the overrides are preserved upon product or app upgrade and will also be easier to maintain/support.

D.

Try to store all configuration overrides in system/local folder to keep all configurations in one place. This ensures the modification has the highest precedence over all other configuration entries.

Question 21

When creating a new index, which of the following is true about archiving expired events?

Options:

A.

Store expired events in private AWS-based storage.

B.

Expired events cannot be archived.

C.

Archive some expired events from an index and discard others.

D.

Store expired events on-prem using your own storage systems.

Question 22

Which of the following is the default bandwidth limit in the Splunk Universal Forwarder credentials package?

Options:

A.

0KBps

B.

256 KBps

C.

512 KBps

D.

1024 KBps

Question 23

When monitoring network inputs, there will be times when the forwarder is unable to send data to the indexers. Splunk uses a memory queue and a disk queue. Which setting is used for the disk queue?

Options:

A.

queueSize

B.

maxQeueSize

C.

diskQiioiioiiizo

D.

persistentQueueSize

Question 24

Which file or folder below is not a required part of a deployment app?

Options:

A.

app.conf (in default or local)

B.

local.meta

C.

metadata folder

D.

props.conf

Page: 1 / 8
Total 80 questions