SPLK-1003 Guide

What Breathing SPLK-1003 Question Is

It is faster and easier to pass the Splunk SPLK-1003 exam by using printable Splunk Enterprise Certified Admin questions and answers. Get immediate access to the refreshed SPLK-1003 exam and find the same core-area SPLK-1003 questions with professionally verified answers, then pass your exam with a high score.

Splunk SPLK-1003 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
Which of the following authentication types requires scripting in Splunk?

  • A. ADFS
  • B. LDAP
  • C. SAML
  • D. RADIUS

Answer: D

Explanation:
Reference: https://answers.splunk.com/answers/131127/scripted-authentication.html

NEW QUESTION 2
Which of the following are supported options when configuring optional network inputs?

  • A. Metadata override, sender filtering options, network input queues (quantum queues)
  • B. Metadata override, sender filtering options, network input queues (memory/persistent queues)
  • C. Filename override, sender filtering options, network output queues (memory/persistent queues)
  • D. Metadata override, receiver filtering options, network input queues (memory/persistent queues)

Answer: D

NEW QUESTION 3
The priority of layered Splunk configuration files depends on the file’s:

  • A. Owner
  • B. Weight
  • C. Context
  • D. Creation time

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles

NEW QUESTION 4
Which option accurately describes the purpose of the HTTP Event Collector (HEC)?

  • A. A token-based HTTP input that is secure and scalable and that requires the use of forwarders.
  • B. A token-based HTTP input that is secure and scalable and that does not require the use of forwarders.
  • C. An agent-based HTTP input that is secure and scalable and that does not require the use of forwarders.
  • D. A token-based HTTP input that is insecure and non-scalable and that does not require the use of forwarders.

Answer: B

Explanation:
Reference: http://dev.splunk.com/view/event-collector/SP-CAAAE6M

NEW QUESTION 5
To set up a network input in Splunk, what needs to be specified?

  • A. File path.
  • B. Username and password.
  • C. Network protocol and port number.
  • D. Network protocol and MAC address.

Answer: A

Explanation:
Reference: http://dev.splunk.com/view/dev-guide/SP-CAAAE3A

NEW QUESTION 6
What is the correct order of steps in Duo Multifactor Authentication?

  • A. 1. Request Login; 2. Connect to SAML server; 3. Duo MFA; 4. Create User session; 5. Authentication Granted; 6. Log into Splunk
  • B. 1. Request Login; 2. Duo MFA; 3. Authentication Granted; 4. Connect to SAML server; 5. Log into Splunk; 6. Create User session
  • C. 1. Request Login; 2. Check authentication / group mapping; 3. Authentication Granted; 4. Duo MFA; 5. Create User session; 6. Log into Splunk
  • D. 1. Request Login; 2. Duo MFA; 3. Check authentication / group mapping; 4. Create User session; 5. Authentication Granted; 6. Log into Splunk

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/ConfigureDuo

NEW QUESTION 7
How does the Monitoring Console monitor forwarders?

  • A. By pulling internal logs from forwarders.
  • B. By using the forwarder monitoring add-on.
  • C. With internal logs forwarded by forwarders.
  • D. With internal logs forwarded by deployment server.

Answer: A

NEW QUESTION 8
Which Splunk forwarder type allows parsing of data before forwarding to an indexer?

  • A. Universal forwarder
  • B. Parsing forwarder
  • C. Heavy forwarder
  • D. Advanced forwarder

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/SplunkCloud/7.2.6/Forwarding/Typesofforwarders

NEW QUESTION 9
What is the default character encoding used by Splunk during the input phase?

  • A. UTF-8
  • B. UTF-16
  • C. EBCDIC
  • D. ISO 8859

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Configurecharactersetencoding

NEW QUESTION 10
User role inheritance allows what to be inherited from the parent role? (Select all that apply.)

  • A. Parents
  • B. Capabilities
  • C. Index access
  • D. Search history

Answer: B

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities

NEW QUESTION 11
You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list --debug. What will the output be?

  • A. A list of all the configurations on-disk that Splunk contains.
  • B. A verbose list of all configurations as they were when splunkd started.
  • C. A list of props.conf configurations as they are on-disk along with a file path from which the configuration is located.
  • D. A list of the current running props.conf configurations along with a file path from which the configuration was made.

Answer: D

Explanation:
Reference: https://answers.splunk.com/answers/494219/need-help-with-what-should-be-a-simple-precedence.html

NEW QUESTION 12
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?

  • A. Deployer
  • B. Cluster master
  • C. Deployment server
  • D. Search head cluster master

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/PropagateSHCconfigurationchanges

NEW QUESTION 13
Which Splunk component does a search head primarily communicate with?

  • A. Indexer
  • B. Forwarder
  • C. Cluster master
  • D. Deployment server

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/InheritedDeployment/Deploymenttopology

NEW QUESTION 14
Which of the following enables compression for universal forwarders in outputs.conf?

  • A. [udpout:mysplunk_indexer11] compression=true
  • B. [tcpout] defaultGroup=my_indexers compressed=true
  • C. /opt/splunkforwarder/bin/splunk enable compression
  • D. [tcpount:my_indexers] server=mysplunk_indexer1:9997, mysplunk_indexer2:9997 decompression=false

Answer: B

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Outputsconf

NEW QUESTION 15
For single line event sourcetypes, it is most efficient to set SHOULD_LINEMERGE to what value?

  • A. True
  • B. False
  • C. <regex string>
  • D. Newline Character

Answer: B

Explanation:
Reference: https://answers.splunk.com/answers/704533/what-are-the-best-practices-for-defining-source-ty.html

NEW QUESTION 16
How often does Splunk recheck the LDAP server?

  • A. Every 5 minutes.
  • B. Each time a user logs in.
  • C. Each time Splunk is restarted.
  • D. Varies based on LDAP_refresh setting.

Answer: D

Explanation:
Reference: http://docshare02.docshare.tips/files/22651/226514302.pdf

NEW QUESTION 17
In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?

  • A. To ensure that hot buckets are still open for writers and have not been forced to roll to a cold state.
  • B. To ensure that configuration files have not been tampered with for auditing and/or legal purposes.
  • C. To ensure that user passwords have not been tampered with for auditing and/or legal purposes.
  • D. To ensure that data has not been tampered with for auditing and/or legal purposes.

Answer: D

Explanation:
Reference: https://www.splunk.com/blog/2015/10/28/data-integrity-is-back-baby.html

NEW QUESTION 18
How do you remove missing forwarders from the Monitoring Console?

  • A. By restarting Splunk.
  • B. By rescanning active forwarders.
  • C. By reloading the deployment server.
  • D. By rebuilding the forwarder asset table.

Answer: D

Explanation:
Reference: https://answers.splunk.com/answers/447096/how-to-remove-missing-forwarders-from-the-distribu.html

NEW QUESTION 19
During search time, which directory of configuration files has the highest precedence?

  • A. $SPLUNK_HOME/etc/system/local
  • B. $SPLUNK_HOME/etc/system/default
  • C. $SPLUNK_HOME/etc/apps/app1/local
  • D. $SPLUNK_HOME/etc/users/admin/local

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles

NEW QUESTION 20
Which of the following indexes come pre-configured with Splunk Enterprise? (Select all that apply.)

  • A. _licence
  • B. _internal
  • C. _external
  • D. _thefishbucket

Answer: B

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Howindexingworks

NEW QUESTION 21
Which Splunk component requires a Forwarder license?

  • A. Search head
  • B. Heavy forwarder
  • C. Heaviest forwarder
  • D. Universal forwarder

Answer: B

Explanation:
Reference: https://answers.splunk.com/answers/70017/heavy-forwarder-costs-and-licenses.html

NEW QUESTION 22
Which of the following statements describe deployment management? (Select all that apply.)

  • A. Requires an Enterprise license.
  • B. Is responsible for sending apps to forwarders.
  • C. Once used, is the only way to manage forwarders.
  • D. Can automatically restart the host OS running the forwarder.

Answer: A

NEW QUESTION 23
Which valid bucket types are searchable? (Select all that apply.)

  • A. Hot buckets
  • B. Cold buckets
  • C. Warm buckets
  • D. Frozen buckets

Answer: ABC

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/HowSplunkstoresindexes

NEW QUESTION 24
This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?

  • A. /var/log/messages
  • B. /var/log/maillog
  • C. /var/log/maillog and /var/log/messages
  • D. none of the above

Answer: C

NEW QUESTION 25
When running the command shown below, what is the default path in which deploymentserver.conf is created?
splunk set deploy-poll deployServer:port

  • A. SPLUNK_HOME/etc/deployment
  • B. SPLUNK_HOME/etc/system/local
  • C. SPLUNK_HOME/etc/system/default
  • D. SPLUNK_HOME/etc/apps/deployment

Answer: B

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Configuredeploymentclients

NEW QUESTION 26
......
