Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Splunk
  5. SPLK-1003

Splunk SPLK-1003 Exam Questions
Splunk Enterprise Certified Admin (Page 17 )

Updated On: 28-Feb-2026
Page 7 of 39
PDF with 220 Questions

What is the correct order of steps in Duo Multifactor Authentication?

  1. 1 Request Login
    2. Connect to SAML server
    3 Duo MFA
    4 Create User session
    5 Authentication Granted 6. Log into Splunk
  2. 1. Request Login 2 Duo MFA
    3. Authentication Granted 4 Connect to SAML server
    5. Log into Splunk
    6. Create User session
  3. 1 Request Login
    2 Check authentication / group mapping
    3 Authentication Granted
    4. Duo MFA
    5. Create User session
    6. Log into Splunk
  4. 1 Request Login 2 Duo MFA
    3. Check authentication / group mapping
    4 Create User session
    5. Authentication Granted
    6 Log into Splunk

Answer(s): C

Explanation:

Using the provided DUO/Splunk reference URL https://duo.com/docs/splunk

Scroll down to the Network Diagram section and note the following 6 similar steps 1 - SPlunk connection initiated
2 - Primary authentication
3 - Splunk connection established to Duo Security over TCP port 443 4 - Secondary authentication via Duo Security's service 5 - Splunk receives authentication response
6 - Splunk session logged in.



Where can scripts for scripted inputs reside on the host file system? (select all that apply)

  1. $SFLUNK_HOME/bin/scripts
  2. $SPLUNK_HOME/etc/apps/bin
  3. $SPLUNK_HOME/etc/system/bin
  4. $S?LUNK_HOME/etc/apps/<your_app>/bin_

Answer(s): A,C,D

Explanation:

"Where to place the scripts for scripted inputs. The script that you refer to in $SCRIPT can reside in only one of the following places on the host file system:
$SPLUNK_HOME/etc/system/bin
$SPLUNK_HOME/etc/apps/<your_App>/bin
$SPLUNK_HOME/bin/scripts
As a best practice, put your script in the bin/ directory that is nearest to the inputs.conf file that calls your script on the host file system."



How does the Monitoring Console monitor forwarders?

  1. By pulling internal logs from forwarders.
  2. By using the forwarder monitoring add-on
  3. With internal logs forwarded by forwarders.
  4. With internal logs forwarded by deployment server.

Answer(s): C

Explanation:

Quoting the following Splunk URL reference https://docs.splunk.com/Documentation/Splunk/8.2.2/DMC/DMCprerequisites "Monitoring Console setup prerequisites. Forward internal logs (both $SPLUNK_HOME/car/log/splunk and $SPLUNK_HOME/var/log/introspection) to indexers from all other components. Without this step, many dashboards will lack data."



What options are available when creating custom roles? (select all that apply)

  1. Restrict search terms
  2. Whitelist search terms
  3. Limit the number of concurrent search jobs
  4. Allow or restrict indexes that can be searched.

Answer(s): A,C,D

Explanation:

https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Admin/ConcurrentLimits "Set limits for concurrent scheduled searches. You must have the edit_search_concurrency_all and edit_search_concurrency_scheduled capabilities to configure these settings."



Which of the following are supported options when configuring optional network inputs?

  1. Metadata override, sender filtering options, network input queues (quantum queues)
  2. Metadata override, sender filtering options, network input queues (memory/persistent queues)
  3. Filename override, sender filtering options, network output queues (memory/persistent queues)
  4. Metadata override, receiver filtering options, network input queues (memory/persistent queues)

Answer(s): B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports



Viewing page 17 of 39
Viewing questions 81 - 85 out of 220 questions



Post your Comments and Discuss Splunk SPLK-1003 exam dumps with other Community members:

SPLK-1003 Exam Discussions & Posts

AI Tutor