Splunk Certified Admin Practice Test 4
Question 1 of 65
1. Question
Inputs for the Windows Forwarder can be configured during the installation process or manually in outputs.conf. Correct or Incorrect?
Question 2 of 65
2. Question
Search scheduler cannot run a report on behalf of a nonexistent owner. Correct or Incorrect?
Question 3 of 65
3. Question
When users create or modify knowledge objects, Splunk Web does not automatically update the .conf files. Correct or Incorrect?
Question 4 of 65
4. Question
You should add custom fields to the set of default fields that Splunk extracts and indexes. Correct or Incorrect?
Question 5 of 65
5. Question
Splunk attempts to auto-detect a sourcetype. Correct or Incorrect?
Question 6 of 65
6. Question
When extracting a timestamp, if the parser finds the indexer's OS time, it will use that as the first preference. Correct or Incorrect?
Incorrect, indexer time is the last preference.
Question 7 of 65
7. Question
MAX_TIMESTAMP_LOOKAHEAD works in conjunction with TIME_PREFIX and it improves efficiency of timestamp extraction. Correct or Incorrect?
Question 8 of 65
8. Question
Both Heavy Forwarders and Universal Forwarders parse events. Correct or Incorrect?
Incorrect, Indexers & Heavy Forwarders parse.
Question 9 of 65
9. Question
Sending test inputs to a test index requires a splunkd restart. Correct or Incorrect?
Question 10 of 65
10. Question
Splunk runs a default search on a weekly schedule to detect orphaned scheduled reports. Correct or Incorrect?
Question 11 of 65
11. Question
Splunk re-indexes the data when inputs.conf is edited. Correct or Incorrect?
Question 12 of 65
12. Question
When filtering unwanted events to the null queue, events discarded at this point count against your daily license quota. Correct or Incorrect?
Incorrect, they DO NOT count against your daily license quota.
Question 13 of 65
13. Question
When modifying _raw events, indexed data will not be identical to the original data source. Correct or Incorrect?
Question 14 of 65
14. Question
Where confidential information is concerned, it's not necessary to modify the underlying raw data before it is indexed. Correct or Incorrect?
Incorrect. Modification applies in case of privacy concerns (healthcare, financial transactions, data across international boundaries) and when separating data according to business use cases (audit vs. security logs).
Question 15 of 65
15. Question
If Sydney Bristow created and executed a scripted input, the passAuth attribute must be defined. Correct or Incorrect?
Question 16 of 65
16. Question
Editing inputs.conf only applies changes to new data, it does not change the data. Correct or Incorrect?
Question 17 of 65
17. Question
Using Monitor Inputs, Splunk can also read files compressed with gzip. Correct or Incorrect?
Question 18 of 65
18. Question
A deploymentclient.conf file is created when you create a Heavy Forwarder. Correct or Incorrect?
Question 19 of 65
19. Question
When creating a diag file, some customer data such as customer name, is retrieved but no proprietary data is included.
Question 20 of 65
20. Question
Restarting the Indexer will cause data loss of TCP or UDP inputs. Correct or Incorrect?
Incorrect, restarting the Indexer will not cause data loss.
Question 21 of 65
21. Question
When adding a network input, if 'Only accept connection from' is not specified, all hosts are allowed to establish a connection. Correct or Incorrect?
Question 22 of 65
22. Question
The listed stanza is proper syntax for defining Persistent Queues. Correct or Incorrect?
INPUTS.conf
[tcp://9001]
persistentQueueSize=5GB
queueSize=10MB
Incorrect, the listed stanza is not in proper syntax for defining Persistent Queues.
Question 23 of 65
23. Question
A user would like to execute a script using the stanza listed below.
[script://APO.sh]
host = horizon
source = /etc/apps/rembaldi/bin
sourcetype = alias
interval = 30
The scripted input will execute. Correct or Incorrect?
Incorrect, the passAuth attribute will need to be defined to run as the specified OS user.
Question 24 of 65
24. Question
The Network Memory maxQueueSize attribute is defined in the INPUTS.conf file. Correct or Incorrect?
Incorrect, the maxQueueSize attribute is defined in the outputs.conf file.
Question 25 of 65
25. Question
In the props.conf example stanza below, itops is the namespace and is used to determine the sequence.
[mysrctype]
TRANSFORMS-itops = route_errs_warns
Correct or Incorrect?
Question 26 of 65
26. Question
You define the transformations in props.conf and invoke them from transforms.conf. Correct or Incorrect?
Incorrect, reverse the .conf files.
Question 27 of 65
27. Question
What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?
Question 28 of 65
28. Question
inputs.conf is created when Upload or Index Once is selected. Correct or Incorrect?
Question 29 of 65
29. Question
The Input phase is less efficient, but provides finer control than the Parsing Phase. Correct or Incorrect?
Question 30 of 65
30. Question
If Splunk recognizes the data, it will assign a sourcetype automatically and you are not able to change it. Correct or Incorrect?
Question 31 of 65
31. Question
The Universal Forwarder gathers data from a host and sends it to the indexers. Correct or Incorrect?
Question 32 of 65
32. Question
Forwarding Compression can be set on the forwarder or the indexer. Correct or Incorrect?
Question 33 of 65
33. Question
In the Network Input Host field, the IP address is the default host attribute. Correct or Incorrect?
Incorrect, the host is set to a DNS name using reverse IP lookup.
Question 34 of 65
34. Question
Which of the following are supported options when configuring optional network inputs?
Metadata overrides refer to the host name based on DNS, IP or a pre-defined value. Sender filtering options refer to blocking or accepting a network input based on the sender's IPv4, IPv6, CIDR block or DNS name. Network input queues refer to controlling how received data is gathered before it is sent to the indexer. The queueSize default is 500kb. Optionally, persistentQueueSize can be defined so that network input data can be stored on disk when the indexers are not available; otherwise the data will be dropped when queueSize is reached and the data cannot be sent to the indexer.
Question 35 of 65
35. Question
Which option accurately describes the purpose of the HTTP Event Collector (HEC)?
Question 36 of 65
36. Question
Which Splunk component performs indexing and responds to search requests from the search head?
Question 37 of 65
37. Question
Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?
Question 38 of 65
38. Question
What is the default character encoding used by Splunk during the input phase?
Question 39 of 65
39. Question
Which valid bucket types are searchable? (Select all that apply.)
Question 40 of 65
40. Question
Which of the following is a valid distributed search group?
Question 41 of 65
41. Question
Which Splunk component does a search head primarily communicate with?
How do you remove missing forwarders from the Monitoring Console?
Question 44 of 65
44. Question
Which of the following are methods for adding inputs in Splunk? (Select all that apply.)
Question 45 of 65
45. Question
What are the required stanza attributes when configuring the transforms.conf to manipulate or remove events?
Question 46 of 65
46. Question
Which Splunk component performs indexing and responds to search requests from the search head?
Question 47 of 65
47. Question
In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?
Question 48 of 65
48. Question
Which of the following apply to how distributed search works? (Select all that apply.)
With distributed search, a Splunk Enterprise instance called a search head sends search requests to a group of indexers, or search peers, which perform the actual searches on their indexes. The search head then merges the results back to the user. Source – https://docs.splunk.com/Documentation/Splunk/8.1.0/DistSearch/Whatisdistributedsearch
Question 49 of 65
49. Question
What is the default character encoding used by Splunk during the input phase?
Question 50 of 65
50. Question
Which of the following statements apply to directory inputs? (Select all that apply.)
Question 51 of 65
51. Question
Which of the following statements apply to directory inputs? (Select all that apply.)
Question 52 of 65
52. Question
Which authentication methods are natively supported within Splunk Enterprise? (Select all that apply.)
Question 53 of 65
53. Question
Where are license files stored?
Question 54 of 65
54. Question
Local user accounts created in Splunk store passwords in which file?
Question 55 of 65
55. Question
Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?
Question 56 of 65
56. Question
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?
Question 57 of 65
57. Question
What are the minimum required settings when creating a network input in Splunk?
Question 58 of 65
58. Question
Which valid bucket types are searchable? (Select all that apply.)
Question 59 of 65
59. Question
Which of the following authentication types requires scripting in Splunk?
Question 60 of 65
60. Question
Which of the following are required when defining an index in indexes.conf? (Select all that apply.)
Question 61 of 65
61. Question
Which of the following is a valid distributed search group?
Which of the following indexes come pre-configured with Splunk Enterprise? (Select all that apply.)
Question 63 of 65
63. Question
In this sourcetype definition the MAX_TIMESTAMP_LOOKAHEAD is missing. Which value would fit best?
[sshd_syslog]
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N %z
LINE_BREAKER = ([\r\n]+)\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
SHOULD_LINEMERGE = false
TRUNCATE = 0
Event example:
2018-04-13 13:42:41.214 -0500 server sshd[26219]: Connection from 172.0.2.60 port 47366