You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" Splunk Certified Admin Practice Test 2 "
0 of 65 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
Splunk Certified Admin
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking on “View Answers” option. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Answered
Review
Question 1 of 65
1. Question
Within props.conf, which stanzas are valid for data modification? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 2 of 65
2. Question
What type of data is counted against the Enterprise license at a fixed 150 bytes per event?
Correct
Incorrect
Unattempted
Question 3 of 65
3. Question
Which of the following authentication types requires scripting in Splunk?
Correct
Incorrect
Unattempted
Question 4 of 65
4. Question
Which of the following are supported configuration methods to add inputs on a forwarder? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 5 of 65
5. Question
Which of the following statements apply to directory inputs? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 6 of 65
6. Question
Local user accounts created in Splunk store passwords in which file?
Correct
Incorrect
Unattempted
Question 7 of 65
7. Question
What are the minimum required settings when creating a network input in Splunk?
Correct
Incorrect
Unattempted
Question 8 of 65
8. Question
What are the required stanza attributes when configuring the transforms.conf to manipulate or remove events?
Correct
Incorrect
Unattempted
Question 9 of 65
9. Question
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?
Correct
Incorrect
Unattempted
Question 10 of 65
10. Question
What hardware attribute would you need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?
Correct
Incorrect
Unattempted
Question 11 of 65
11. Question
Which forwarder type can parse data prior to forwarding?
Correct
Incorrect
Unattempted
Question 12 of 65
12. Question
Which of the following enables compression for universal forwarders in outputs.conf?
Correct
Incorrect
Unattempted
Question 13 of 65
13. Question
What is the correct order of steps in Duo Multifactor Authentication?
Correct
Incorrect
Unattempted
Question 14 of 65
14. Question
In which Splunk configuration is the SEDCMD used?
Correct
Incorrect
Unattempted
Question 15 of 65
15. Question
Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
Correct
Incorrect
Unattempted
Question 16 of 65
16. Question
What is the default character encoding used by Splunk during the input phase?
Correct
Incorrect
Unattempted
Question 17 of 65
17. Question
The universal forwarder has which capabilities when sending data? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 18 of 65
18. Question
What is required when adding a native user to Splunk? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 19 of 65
19. Question
Which Splunk component consolidates the individual results and prepares reports in a distributed environment?
Correct
Incorrect
Unattempted
Question 20 of 65
20. Question
What options are available when creating custom roles? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 21 of 65
21. Question
To set up a network input in Splunk, what needs to be specified?
Correct
Incorrect
Unattempted
Question 22 of 65
22. Question
Which authentication methods are natively supported within Splunk Enterprise? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 23 of 65
23. Question
User role inheritance allows what to be inherited from the parent role? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 24 of 65
24. Question
What is the difference between the two wildcards É and * for the monitor stanza in inputs.conf?
Correct
Incorrect
Unattempted
Question 25 of 65
25. Question
Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?
Correct
Incorrect
Unattempted
Question 26 of 65
26. Question
Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?
Correct
Incorrect
Unattempted
Question 27 of 65
27. Question
The priority of layered Splunk configuration files depends on the fileÕs:
Correct
Incorrect
Unattempted
Question 28 of 65
28. Question
You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list Ðdebug. What will the output be?
Correct
Incorrect
Unattempted
Question 29 of 65
29. Question
Which of the following apply to how distributed search works? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 30 of 65
30. Question
In this sourcetype definition the MAX_TIMESTAMP_LOOKAHEAD is missing. Which value would fit best?
Correct
Incorrect
Unattempted
Question 31 of 65
31. Question
Which layers are involved in Splunk configuration file layering? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 32 of 65
32. Question
How do you remove missing forwarders from the Monitoring Console?
Correct
Incorrect
Unattempted
Question 33 of 65
33. Question
Which Splunk forwarder type allows parsing of data before forwarding to an indexer?
Correct
Incorrect
Unattempted
Question 34 of 65
34. Question
Which of the following is a way to exclude search artifacts when creating a diag?
Correct
Incorrect
Unattempted
Question 35 of 65
35. Question
What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 36 of 65
36. Question
What is a Splunk Job? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 37 of 65
37. Question
In an existing Splunk environment, the new index buckets that are created each day are about half the size of the incoming data. Within each bucket, about 30% of the space is used for rawdata and about 70% for index files. What additional information is needed to calculate the daily disk consumption, per indexer, if indexer clustering is implemented?
Correct
Incorrect
Unattempted
Question 38 of 65
38. Question
What does setting site=site0 on all Search Head Cluster members do in a multi-site indexer cluster?
Correct
Incorrect
Unattempted
Question 39 of 65
39. Question
Which of the following commands is used to clear the KV store?
Correct
Incorrect
Unattempted
Question 40 of 65
40. Question
In the deployment planning process, when should a person identify who gets to see network data?
Correct
Incorrect
Unattempted
Question 41 of 65
41. Question
Which of the following can a Splunk diag contain?
Correct
Incorrect
Unattempted
Question 42 of 65
42. Question
Which of the following statements describe search head clustering?(Select all that apply.)
Correct
Incorrect
Unattempted
Question 43 of 65
43. Question
Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?
Correct
Incorrect
Unattempted
Question 44 of 65
44. Question
How does the average run time of all searches relate to the available CPU cores on the indexers?
Correct
Incorrect
Unattempted
Question 45 of 65
45. Question
Splunk configuration parameter settings can differ between multiple .conf files of the same name contained within different apps. Which of the following directories has the highest precedence?
Correct
Incorrect
Unattempted
Question 46 of 65
46. Question
To improve Splunk performance, parallelIngestionPipelines setting can be adjusted on which of the following components in the Splunk architecture? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 47 of 65
47. Question
What is the minimum reference server specification for a Splunk indexer?
Correct
Incorrect
Unattempted
Question 48 of 65
48. Question
Which of the following should be included in a deployment plan?
Correct
Incorrect
Unattempted
Question 49 of 65
49. Question
Which two sections can be expanded using the SearchJob Inspector?
Correct
Incorrect
Unattempted
Question 50 of 65
50. Question
Configurations from the deployer are merged into which location on the search head cluster member?
Correct
Incorrect
Unattempted
Question 51 of 65
51. Question
Which of the following describe migration from single-site to multisite index replication?
Correct
Incorrect
Unattempted
Question 52 of 65
52. Question
Which Splunk server role regulates the functioning of indexer cluster?
Correct
Incorrect
Unattempted
Question 53 of 65
53. Question
Which of the following statements describe a Search Head Cluster (SHC) captain? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 54 of 65
54. Question
When Splunk is installed, where are the internal indexes stored by default?
Correct
Incorrect
Unattempted
Question 55 of 65
55. Question
A Splunk user successfully extracted an ip address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip. Which of the following may explain the problem? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 56 of 65
56. Question
When adding or decommissioning a member from a Search Head Cluster (SHC), what is the proper order of operations?
Correct
Incorrect
Unattempted
Question 57 of 65
57. Question
To reduce the captains work load in a search head cluster, what setting will prevent scheduled searches from running on the captain?
Correct
Incorrect
Unattempted
Question 58 of 65
58. Question
Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 59 of 65
59. Question
When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?
Correct
Incorrect
Unattempted
Question 60 of 65
60. Question
In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?
Correct
Incorrect
Unattempted
Question 61 of 65
61. Question
Where can scripts for scripted inputs reside on the host file system? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 62 of 65
62. Question
How does the Monitoring Console monitor forwarders?
Correct
Incorrect
Unattempted
Question 63 of 65
63. Question
Which valid bucket types are searchable? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 64 of 65
64. Question
Which of the following indexes come pre-configured with Splunk Enterprise? (Select all that apply.)
Correct
Incorrect
Unattempted
Question 65 of 65
65. Question
Which setting in indexes.conf allows data retention to be controlled by time?
Correct
Incorrect
Unattempted
Use Page numbers below to navigate to other practice tests
