You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" Splunk Certified Admin Practice Test 5 "
0 of 65 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
Splunk Certified Admin
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking on “View Answers” option. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Answered
Review
Question 1 of 65
1. Question
Which of these are true statements about Heavy Forwarders? (Select all that apply)
Correct
Incorrect
Unattempted
Question 2 of 65
2. Question
Select all valid Windows specific Input types. (Select all that apply)
Correct
Incorrect
Unattempted
Question 3 of 65
3. Question
Which of the following are true about the Windows Universal Forwarder?
Correct
Incorrect
Unattempted
Question 4 of 65
4. Question
If set to 1, monitoring begins at the end of the file like (*NIX tail-f)
Correct
Incorrect
Unattempted
Question 5 of 65
5. Question
Monitor stanzas in inputs.conf supports these wildcards. (Select all that apply)
Correct
Incorrect
Unattempted
Question 6 of 65
6. Question
The host_segment parameter sets the segment of the path as the host. Path segments are separated by what character?
Correct
Incorrect
Unattempted
Question 7 of 65
7. Question
You can override the default host value with these three methods: (Select all that apply)
Correct
Incorrect
Unattempted
Question 8 of 65
8. Question
Based on use case scenarios, you may want to disable Splunk Web on the Heavy Forwarder. This can be done in which conf file?
Correct
Incorrect
Unattempted
Question 9 of 65
9. Question
For Heavy Forwarders, you can deploy an ______ file from the deployment server to receive data.
Correct
Incorrect
Unattempted
Question 10 of 65
10. Question
Windows Input configuration options allow for the setting of ___ whitelist and blacklist per stanza.
Correct
Incorrect
Unattempted
Question 11 of 65
11. Question
Which of the following is true about Indexer Acknowledgment?(Select all that apply)
Correct
Incorrect
Unattempted
Question 12 of 65
12. Question
In load-balanced situations, if the forwarder can‘t reach an indexer for any reason, what happens?
Correct
Incorrect
Unattempted
Question 13 of 65
13. Question
Normally, the event boundary is determined on the _______.
Correct
Incorrect
Unattempted
Question 14 of 65
14. Question
What is the default frequency for Time-based load balancing?
Correct
Incorrect
Unattempted
Question 15 of 65
15. Question
Which of the following answers are true about turning on SSL for Forwarding streams?(Select all that apply)
Correct
Incorrect
Unattempted
Question 16 of 65
16. Question
Universal Forwarders can be configured to send data to two different indexes using what? (Select all that apply)
Correct
Incorrect
Unattempted
Question 17 of 65
17. Question
Which index on the indexer would you search to see if your forwarder is configured correctly and sending data?
Correct
Incorrect
Unattempted
Question 18 of 65
18. Question
On a Forwarder, how would you add an indexer via the CLI?
Correct
Incorrect
Unattempted
Question 19 of 65
19. Question
Which of the following are true about configuring wmi.conf for Windows remote inputs? (Select all that apply)
Correct
Incorrect
Unattempted
Question 20 of 65
20. Question
Event collector can be set up on: (Select all that apply)
Correct
Incorrect
Unattempted
Question 21 of 65
21. Question
Which of the following are true about HTTP Event Collectors? (Select all that apply)
Correct
Incorrect
Unattempted
Question 22 of 65
22. Question
What version of Splunk should be running on the test environment deployment?
Correct
Incorrect
Unattempted
Question 23 of 65
23. Question
What are data modifications in props.conf based on?
Correct
Incorrect
Unattempted
Question 24 of 65
24. Question
What stanzas can you use wildcards(*) and regex in?
Correct
Incorrect
Unattempted
Question 25 of 65
25. Question
What .conf file should you configure in your forwarder if you have input phase settings?
Correct
Incorrect
Unattempted
Question 26 of 65
26. Question
During the input phase, Splunk sets all input data to UTF-8 encoding by default, what attribute can override this?
Correct
Incorrect
Unattempted
Question 27 of 65
27. Question
What should you set the attribute to for character encoding during the input phase to override the default so that splunk software can automatically detect languages and proper character sets?
When you add a directory monitor and specify a ________ explicitly, it applies to all files in the directory and subdirectories.
Correct
Incorrect
Unattempted
Question 29 of 65
29. Question
What .conf file can you use to override the source type for directory monitors?
Correct
Incorrect
Unattempted
Question 30 of 65
30. Question
What .conf file can you omit the source type in?
Correct
Incorrect
Unattempted
Question 31 of 65
31. Question
As data arrives into the indexer and goes through the parsing phase, the data is broken into ____.
Correct
Incorrect
Unattempted
Question 32 of 65
32. Question
Splunk parsing phase determines where one event ___ and the next event ____ .
Correct
Incorrect
Unattempted
Question 33 of 65
33. Question
For handling single line events, set SHOULD_LINEMERGE to ________ in apps/App/local/props.conf to explicitly set line breaking. By default, it is set to _________, assuming events span over multi lines.
Correct
Incorrect
Unattempted
Question 34 of 65
34. Question
The btprobe command is used to reset one source for re-indexing. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 35 of 65
35. Question
When memory queue is full, persistent queue is used and is preserved across RESTARTS. Hint: This is a solution of input failure. Correct or Incorrect?
All modifications and extractions are written to disk along with _raw and metadata. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 37 of 65
37. Question
sedcmd can be used to eliminate unwanted events. Correct or Incorrect?
Correct
Incorrect, you have to use transforms.conf. sedcmd can only be used to mask or truncate data.
Incorrect
Incorrect, you have to use transforms.conf. sedcmd can only be used to mask or truncate data.
Unattempted
Incorrect, you have to use transforms.conf. sedcmd can only be used to mask or truncate data.
Question 38 of 65
38. Question
When using transforms.conf, the SOURCE_KEY is set to _raw by default. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 39 of 65
39. Question
The Monitoring Console (MC) is a Splunk app used to monitor and investigate Splunk performance, resource usage and more. This can be used by the admin or power user. Correct or Incorrect?
Correct
Incorrect, Admin-only
Incorrect
Incorrect, Admin-only
Unattempted
Incorrect, Admin-only
Question 40 of 65
40. Question
When you delete an app, all of its related configuration files and scripts are deleted from the Splunk server. Including the user‘s private app artifacts. Correct or Incorrect?
Correct
Incorrect, the user‘s private app artifacts remain untouched.
Incorrect
Incorrect, the user‘s private app artifacts remain untouched.
Unattempted
Incorrect, the user‘s private app artifacts remain untouched.
Question 41 of 65
41. Question
When overriding defaults, the correct method is to do so in the local directory at the same scope and copying the entire config file. Correct or Incorrect?
Correct
-Incorrect, you should only add the items you are overriding.
Incorrect
-Incorrect, you should only add the items you are overriding.
Unattempted
-Incorrect, you should only add the items you are overriding.
Question 42 of 65
42. Question
If the app is changed on the Deployment Server, then the forwarder will load the updated app after its next restart (splunk restart). Correct or Incorrect?
Correct
-Incorrect, It is updated after its next phone-home.
Incorrect
-Incorrect, It is updated after its next phone-home.
Unattempted
-Incorrect, It is updated after its next phone-home.
Question 43 of 65
43. Question
When using the delete command, Splunk marks the events as deleted and they never show in searches or index again. Correct or Incorrect?
Correct
Incorrect, this is a virtual delete so the information is still on the index.
Incorrect
Incorrect, this is a virtual delete so the information is still on the index.
Unattempted
Incorrect, this is a virtual delete so the information is still on the index.
Question 44 of 65
44. Question
Where do you delete the fishbucket file to re-index data?
Correct
Incorrect
Unattempted
Question 45 of 65
45. Question
A ________ is used to distribute apps and configs on a distributed system.
Correct
Incorrect
Unattempted
Question 46 of 65
46. Question
A ________ is used for search head apps and configurations.
Correct
Incorrect
Unattempted
Question 47 of 65
47. Question
Where is deploymentclient.conf located?
Correct
Incorrect
Unattempted
Question 48 of 65
48. Question
By default, the admin has the ability to delete using the delete command. Correct or Incorrect?
Correct
Incorrect
Incorrect
Incorrect
Unattempted
Incorrect
Question 49 of 65
49. Question
Users that have been locked out or have forgotten their password, can be unlocked or reset from the CLI only. Correct or Incorrect?