NEW QUESTION 1
Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?

• A. Any OS platform.
• B. Linux platform only.
• C. Windows platform only.
• D. None of the above.

Answer: C

NEW QUESTION 2
In case of a conflict between a whitelist and a blacklist input setting, which one is used?

• A. Blacklist
• B. Whitelist
• C. They cancel each other out.
• D. Whichever is entered into the configuration first.

Answer: A

Explanation:
Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&ved=2ahUKEwj0r6Lso6bkAhUqxYUKHbWlDz4QFjAHegQIAxAC&url=http%3A%2F%2Fsplunk.training%2Fshowpdf.asp%3Fdata%3D789BB6B10C1B4376B548D711B4377F3F4B511B437805A8EC11B437742EA8F11B43779B6FA211B4376EA657C11B4376FC19B311B4377E2407E11B43730AF97411B4377F3F4B511B437742EA8F11B43779B6FA211B43771F822111B437731365811B43730AF97411B437789BB6B11B4376B548D711B4377F3F4B511B437805A8EC11B437742EA8F11B43779B6FA211B4376EA657C11B4376FC19B311B4377E2407E11B43732E61E211B4377F3F4B511B437742EA8F11B43779B6FA211B43771F822111B437731365811B43746D0DC011B4377549EC611B4377BED81011B437789BB6B11B4376D8B14511B437731365811B4376B548D711B4377F3F4B511B4376FC19B311B43732E61E211B4376D8B14511B4377AD23D911B437789BB6B11B43730AF97411B4373989B2C11B437386E6F511B437386E6F511B4373DF6C0811B43737532BE11B4373BC039A11B437351CA5011B43737532BE11B43730AF97411B4375BD6DD511B43730AF97411B437564E8C211B43730AF97411B437%257C2318D1%257C11649A&usg=AOvVaw2e9s-JweivuCkqTb4-Y9uW

NEW QUESTION 3
With authentication methods are natively supported within Splunk Enterprise? (Select all that apply.)

• A. LDAP
• B. SAML
• C. RADIUS
• D. Duo Multifactor Authentication

Answer: AD

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/SetupuserauthenticationwithSplunk

NEW QUESTION 4
What are the minimum required settings when creating a network input in Splunk?

• A. Protocol, port number
• B. Protocol, port, location
• C. Protocol, username, port
• D. Protocol, IP, port number

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/UsetheHTTPEventCollector

NEW QUESTION 5
User role inheritance allows what to be inherited from the parent role? (Select all that apply.)

• A. Parents
• B. Capabilities
• C. Index access
• D. Search history

Answer: B

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities

NEW QUESTION 6
Where can scripts for scripted inputs reside on the host file system? (Select all that apply.)

• A. $SPLUNK_HOME/bin/scripts
• B. $SPLUNK_HOME/etc/apps/bin
• C. $SPLUNK_HOME/etc/system/bin
• D. $SPLUNK_HOME/etc/apps/<your_app>/bin

Answer: ACD

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Getdatafromscriptedinputs#Where_to_place_the_scripts_for_scripted_inputs

NEW QUESTION 7
What is the default character encoding used by Splunk during the input phase?

• A. UTF-8
• B. UTF-16
• C. EBCDIC
• D. ISO 8859

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Configurecharactersetencoding

NEW QUESTION 8
What hardware attribute would you need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?

• A. Disk
• B. CPUs
• C. Memory
• D. Network interface cards

Answer: B

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/SHCarchitecture

NEW QUESTION 9
Which of the following are supported options when configuring optional network inputs?

• A. Metadata override, sender filtering options, network input queues (quantum queues)
• B. Metadata override, sender filtering options, network input queues (memory/persistent queues)
• C. Filename override, sender filtering options, network output queues (memory/persistent queues)
• D. Metadata override, receiver filtering options, network input queues (memory/persistent queues)

Answer: D

NEW QUESTION 10
Which of the following are methods for adding inputs in Splunk? (Select all that apply.)

• A. CLI
• B. Splunk Web
• C. Editing inpits.conf
• D. Editing monitor.conf

Answer: AB

Explanation:
Reference: http://dev.splunk.com/view/dev -guide/SP-CAAAE3A

NEW QUESTION 11
Which of the following authentication types requires scripting in Splunk?

• A. ADFS
• B. LDAP
• C. SAML
• D. RADIUS

Answer: D

Explanation:
Reference: https://answers.splunk.com/answers/131127/scripted-authentication.html

NEW QUESTION 12
During search time, which directory of configuration files has the highest precedence?

• A. $SPLUNK_HOME/etc/system/local
• B. $SPLUNK_HOME/etc/system/default
• C. $SPLUNK_HOME/etc/apps/app1/local
• D. $SPLUNK_HOME/etc/users/admin/local

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles

NEW QUESTION 13
Which Splunk component requires a Forwarder license?

• A. Search head
• B. Heavy forwarder
• C. Heaviest forwarder
• D. Universal forwarder

Answer: B

Explanation:
Reference: https://answers.splunk.com/answers/70017/heavy-forwarder-costs-and-licenses.html

NEW QUESTION 14
Which of the following is a valid distributed search group?

• A. [distributedSearch:Paris] default = false servers = server1, server2
• B. [searchGroup:Paris] default = false servers = server1:8089, server2:8089
• C. [searchGroup:Paris] default = false servers = server1:9997, server2:9997
• D. [distributedSearch:Paris] default = false servers = server1:8089; server2:8089

Answer: D

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/Distributedsearchgroups

NEW QUESTION 15
Which parent directory contains the configuration files in Splunk?

• A. $SPLUNK_HOME/etc
• B. $SPLUNK_HOME/var
• C. $SPLUNK_HOME/conf
• D. $SPLUNK_HOME/default

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Configurationfiledirectories

NEW QUESTION 16
In which Splunk configuration is the SEDCMD used?

• A. props.conf
• B. inputs.conf
• C. indexes.conf
• D. transforms.conf

Answer: A

Explanation:
Reference: https://answers.splunk.com/answers/212128/why-sedcmd-configured-in-propsconf-is-working-duri.html

NEW QUESTION 17
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?

• A. App Class
• B. Client Class
• C. Server Class
• D. Forwarder Class

Answer: C

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Createdeploymentapps

NEW QUESTION 18
Local user accounts created in Splunk store passwords in which file?

• A. $SPLUNK_HOME/etc/passwd
• B. $SPLUNK_HOME/etc/authentication
• C. $SPLUNK_HOME/etc/users/passwd.conf
• D. $SPLUNK_HOME/etc/users/authentication.conf

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/User-seedconf

NEW QUESTION 19
Which Splunk component consolidates the individual results and prepares reports in a distributed environment?

• A. Indexers
• B. Forwarder
• C. Search head
• D. Search peers

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Advancedindexingstrategy

NEW QUESTION 20
Which option accurately describes the purpose of the HTTP Event Collector (HEC)?

• A. A token-based HTTP input that is secure and scalable and that requires the use of forwarders.
• B. A token-based HTTP input that is secure and scalable and that does not require the use of forwarders.
• C. An agent-based HTTP input that is secure and scalable and that does not require the use of forwarders.
• D. A token-based HTTP input that is insecure and non-scalable and that does not require the use of forwarders.

Answer: B

Explanation:
Reference: http://dev.splunk.com/view/event-collector/SP-CAAAE6M

NEW QUESTION 21
In this sourcetype definition the MAX_TIMESTAMP_LOOKAHEAD is missing. Which value would fit best?
[sshd_syslog] TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N %z
LINE_BREAKER = ([rn]+)d{4}-d{2}-d{2} d{2}:d{2}:d{2} SHOUD_LINEMERGE = false
TRUNCATE = 0
Event example: 2021-04-13 13:42:41.214 -0500 server sshd[26219]: Connection from 172.0.2.60 port 47366

• A. MAX_TIMESTAMP_LOOKAHEAD = 5
• B. MAX_TIMESTAMP_LOOKAHEAD = 10
• C. MAX_TIMESTAMP_LOOKAHEAD = 20
• D. MAX_TIMESTAMP_LOOKAHEAD = 30

Answer: B

NEW QUESTION 22
Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?

• A. _TCP_ROUTING
• B. _INDEXER_LIST
• C. _INDEXER_GROUP
• D. _INDEXER_ROUTING

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Monitorfilesanddirectorieswithinputs.conf

NEW QUESTION 23
The universal forwarder has which capabilities when sending data? (Select all that apply.)

• A. Sending alerts
• B. Compressing data
• C. Obfuscating/hiding data
• D. Indexer acknowledgement

Answer: D

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Forwarding/Typesofforwarders

NEW QUESTION 24
How does the Monitoring Console monitor forwarders?

• A. By pulling internal logs from forwarders.
• B. By using the forwarder monitoring add-on.
• C. With internal logs forwarded by forwarders.
• D. With internal logs forwarder by deployment server.

Answer: A

NEW QUESTION 25
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?

• A. Deployer
• B. Cluster master
• C. Deployment server
• D. Search head cluster master

Answer: A

Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/PropagateSHCconfigurationchanges

NEW QUESTION 26
......