Free Splunk® SPLK-1003 Exam Braindumps (page: 5)

Within props.conf, which stanzas are valid for data modification? (select all that apply)

  1. Host
  2. Server
  3. Source
  4. Sourcetype

Answer(s): A,C,D

Explanation:

https://docs.splunk.com/Documentation/Splunk/8.0.4/Admin/Propsconf#props.conf.spec
https://docs.splunk.com/Documentation/Splunk/8.1.1/Admin/Propsconf
"* Reuse of the same field-extracting regular expression across multiple sources, source types, or hosts."



What is the correct order of steps in Duo Multifactor Authentication?

  1. 1. Request Login
     2. Connect to SAML server
     3. Duo MFA
     4. Create User session
     5. Authentication Granted
     6. Log into Splunk
  2. 1. Request Login
     2. Duo MFA
     3. Authentication Granted
     4. Connect to SAML server
     5. Log into Splunk
     6. Create User session
  3. 1. Request Login
     2. Check authentication / group mapping
     3. Authentication Granted
     4. Duo MFA
     5. Create User session
     6. Log into Splunk
  4. 1. Request Login
     2. Duo MFA
     3. Check authentication / group mapping
     4. Create User session
     5. Authentication Granted
     6. Log into Splunk

Answer(s): C

Explanation:

Using the provided DUO/Splunk reference URL https://duo.com/docs/splunk

Scroll down to the Network Diagram section and note the following 6 similar steps:
1 - Splunk connection initiated
2 - Primary authentication
3 - Splunk connection established to Duo Security over TCP port 443
4 - Secondary authentication via Duo Security's service
5 - Splunk receives authentication response
6 - Splunk session logged in.



Where can scripts for scripted inputs reside on the host file system? (select all that apply)

  1. $SPLUNK_HOME/bin/scripts
  2. $SPLUNK_HOME/etc/apps/bin
  3. $SPLUNK_HOME/etc/system/bin
  4. $SPLUNK_HOME/etc/apps/<your_app>/bin

Answer(s): A,C,D

Explanation:

"Where to place the scripts for scripted inputs. The script that you refer to in $SCRIPT can reside in only one of the following places on the host file system:
$SPLUNK_HOME/etc/system/bin
$SPLUNK_HOME/etc/apps/<your_App>/bin
$SPLUNK_HOME/bin/scripts
As a best practice, put your script in the bin/ directory that is nearest to the inputs.conf file that calls your script on the host file system."



How does the Monitoring Console monitor forwarders?

  1. By pulling internal logs from forwarders.
  2. By using the forwarder monitoring add-on
  3. With internal logs forwarded by forwarders.
  4. With internal logs forwarded by deployment server.

Answer(s): C

Explanation:

Quoting the following Splunk URL reference: https://docs.splunk.com/Documentation/Splunk/8.2.2/DMC/DMCprerequisites

"Monitoring Console setup prerequisites. Forward internal logs (both $SPLUNK_HOME/var/log/splunk and $SPLUNK_HOME/var/log/introspection) to indexers from all other components. Without this step, many dashboards will lack data."



What options are available when creating custom roles? (select all that apply)

  1. Restrict search terms
  2. Whitelist search terms
  3. Limit the number of concurrent search jobs
  4. Allow or restrict indexes that can be searched.

Answer(s): A,C,D

Explanation:

https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Admin/ConcurrentLimits

"Set limits for concurrent scheduled searches. You must have the edit_search_concurrency_all and edit_search_concurrency_scheduled capabilities to configure these settings."



Which of the following are supported options when configuring optional network inputs?

  1. Metadata override, sender filtering options, network input queues (quantum queues)
  2. Metadata override, sender filtering options, network input queues (memory/persistent queues)
  3. Filename override, sender filtering options, network output queues (memory/persistent queues)
  4. Metadata override, receiver filtering options, network input queues (memory/persistent queues)

Answer(s): B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Data/Monitornetworkports



What is the default character encoding used by Splunk during the input phase?

  1. UTF-8
  2. UTF-16
  3. EBCDIC
  4. ISO 8859

Answer(s): A

Explanation:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Configurecharactersetencoding

"Configure character set encoding. Splunk software attempts to apply UTF-8 encoding to your sources by default. If a source doesn't use UTF-8 encoding or is a non-ASCII file, Splunk software tries to convert data from the source to UTF-8 encoding unless you specify a character set to use by setting the CHARSET key in the props.conf file."



Which of the following enables compression for universal forwarders in outputs.conf?

A)



B)



C)



D)

  1. Option A
  2. Option B
  3. Option C
  4. Option D

Answer(s): B

Explanation:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Outputsconf

# Compression
#
# This example sends compressed events to the remote indexer.
# NOTE: Compression can be enabled TCP or SSL outputs only.
# The receiver input port should also have compression enabled.
[tcpout]
server = splunkServer.example.com:4433
compressed = true


