Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Splunk®
  5. SPLK-1003

Free Splunk® SPLK-1003 Exam Braindumps (page: 3)

Page 3 of 25
PDF with 209 Questions

Which Splunk component distributes apps and certain other configuration updates to search head cluster members?

  1. Deployer
  2. Cluster master
  3. Deployment server
  4. Search head cluster master

Answer(s): C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Updateconfigurations First line says it all: "The deployment server distributes deployment apps to clients."



Where should apps be located on the deployment server that the clients pull from?

  1. $SFLUNK_KOME/etc/apps
  2. $SPLUNK_HCME/etc/sear:ch
  3. $SPLUNK_HCME/etc/master-apps
  4. $SPLUNK HCME/etc/deployment-apps

Answer(s): D

Explanation:

After an app is downloaded, it resides under $SPLUNK_HOME/etc/apps on the deployment clients. But it resided in the $SPLUNK_HOME/etc/deployment-apps location in the deployment server.



This file has been manually created on a universal forwarder



A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new



Which file is now monitored?

  1. /var/log/messages
  2. /var/log/maillog
  3. /var/log/maillog and /var/log/messages
  4. none of the above

Answer(s): B



In which phase of the index time process does the license metering occur?

  1. input phase
  2. Parsing phase
  3. Indexing phase
  4. Licensing phase

Answer(s): C

Explanation:

"When ingesting event data, the measured data volume is based on the new raw data that is placed into the indexing pipeline. Because the data is measured at the indexing pipeline, data that is filetered and dropped prior to indexing does not count against the license volume qota." https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/HowSplunklicensingworks



You update a props. conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btoo1 props list --debug.
What will the output be?

  1. list of all the configurations on-disk that Splunk contains.
  2. A verbose list of all configurations as they were when splunkd started.
  3. A list of props. conf configurations as they are on-disk along with a file path from which the configuration is located
  4. A list of the current running props, conf configurations along with a file path from which the configuration was made

Answer(s): C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.1/Troubleshooting/Usebtooltotroubleshootcon figurations
"The btool command simulates the merging process using the on-disk conf files and creates a report showing the merged settings."
"The report does not necessarily represent what's loaded in memory. If a conf file change is made that requires a service restart, the btool report shows the change even though that change isn't active."



When running the command shown below, what is the default path in which deployment server.
conf is created?
splunk set deploy-poll deployServer:port

  1. SFLUNK_HOME/etc/deployment
  2. SPLUNK_HOME/etc/system/local
  3. SPLUNK_HOME/etc/system/default
  4. SPLUNK_KOME/etc/apps/deployment

Answer(s): C

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.1.1/Updating/Definedeploymentclasses#Ways_t o_define_server_classes "When you use forwarder management to create a new server class, it saves the server class definition in a copy of serverclass.conf under $SPLUNK_HOME/etc/system/local. If, instead of using forwarder management, you decide to directly edit serverclass.conf, it is recommended that you create the serverclass.conf file in that same directory, $SPLUNK_HOME/etc/system/local."



The priority of layered Splunk configuration files depends on the file's:

  1. Owner
  2. Weight
  3. Context
  4. Creation time

Answer(s): C

Explanation:

https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles "To determine the order of directories for evaluating configuration file precendence, Splunk software considers each file's context. Configuration files operate in either a global context or in the context of the current app and user"



When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?

  1. Slash notation
  2. Regular expression
  3. Irregular expression
  4. Wildcard-only expression

Answer(s): B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Data/Whitelistorblacklistspecificincomingdat a#Include_or_exclude_specific_incoming_data



Viewing page 3 of 25
Viewing questions 17 - 24 out of 209 questions



Post your Comments and Discuss Splunk® SPLK-1003 exam prep with other Community members:

SPLK-1003 Exam Discussions & Posts