Splunk Admin Exam With Complete Solutions 100%
Correct Latest Update
Which is applied if there is a conflict between a whitelist and blacklist input setting?
A. Blacklist
B. Whitelist
C. They cancel each other out.
D. Whichever is entered into the configuration first. - ANSWER Blacklist
Which authentication methods does Splunk Enterprise support natively? (choose all that
apply)
A. LDAP
B. SAML
C. Radius
D. Duo Multifactor Authentication - ANSWER LDAP
SAML
Where are license files stored?
A. $SPLUNK_HOME/etc/secure
B. $SPLUNK_HOME/etc/system
C. $SPLUNK_HOME/etc/licenses
D. $SPLUNK_HOME/etc/apps/licenses - ANSWER $SPLUNK_HOME/etc/licenses
What type of data is counted against the Enterprise license at a flat 150 bytes per
event?
A. License data
B. Metrics data
C. Internal Splunk data
D. Internal Windows logs - ANSWER Metrics data
This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a deployment
server and deploys the same app with a new input:
inputs.conf file:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=syslog
index=syslog
What file is now monitored?
A. /var/log/messages
B. /var/log/maillog
C. /var/log/maillog and /var/log/messages
D. none of the above - ANSWER /var/log/maillog
Which of the following optional settings in inputs.conf allows you to selectively forward the data
to one or more specific indexer(s)?
A. _TCP_ROUTING
B. _INDEXER_LIST
C. _INDEXER_GROUP
D. _INDEXER ROUTING - ANSWER _TCP_ROUTING
How often does Splunk recheck the LDAP server?
A. Every 5 minutes
B. Each time a user logs in
C. Each time Splunk is restarted
D. Varies based on LDAP_refresh setting. - ANSWER Each time a user logs in
Which of the following settings in indexes.conf will allow data retention to be controlled
based on time?
A. maxDaysToKeep
B. moveToFrozenAfter
C. maxDataRetentionTime
D. frozenTimePeriodInSecs - ANSWER frozenTimePeriodInSecs
Which of the following will allow compression for universal forwarders in outputs.conf?
A)
[udpout:mysplunk_indexer1]
compression=true
B)
[tcpout]
defaultGroup=my_indexers
compressed=true
C)
/opt/splunkforwarder/bin/splunk enable compression