You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" Splunk Certified Admin Practice Test 8 "
0 of 50 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
Splunk Certified Admin
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking on “View Answers” option. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
Answered
Review
Question 1 of 50
1. Question
Where can scripts for scripted inputs reside on the host file system? (Choose all that apply.)
How would you configure your distsearch.conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON
Correct
Incorrect
Unattempted
Question 23 of 50
23. Question
Which of the following is a valid distributed search group?
You can unlock a user from the command line. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 28 of 50
28. Question
You have to configure a separate receiving port on the indexer for each universal forwarder. Correct or Incorrect?
Correct
Incorrect, you‘re not required to create a separate port for each universal forwarder. You can just use 9997 or whatever port you specify.
Incorrect
Incorrect, you‘re not required to create a separate port for each universal forwarder. You can just use 9997 or whatever port you specify.
Unattempted
Incorrect, you‘re not required to create a separate port for each universal forwarder. You can just use 9997 or whatever port you specify.
Question 29 of 50
29. Question
When a Universal Forwarder is installed on Windows, the instance provides a GUI. Correct or Incorrect?
Correct
Incorrect, Universal Forwarders do not have a GUI on Windows or any other OS.
Incorrect
Incorrect, Universal Forwarders do not have a GUI on Windows or any other OS.
Unattempted
Incorrect, Universal Forwarders do not have a GUI on Windows or any other OS.
Question 30 of 50
30. Question
Knowledge bundles contain the knowledge objects required by the indexers for searching. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 31 of 50
31. Question
A quarantined search peer is prevented from performing new searches but continues to attempt to service any currently running search. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 32 of 50
32. Question
Search Head Clustering and Indexer clustering are the only two types of clustering provided by Splunk. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 33 of 50
33. Question
Monitoring Console (MC) can be used by the user and power user roles. Correct or Incorrect?
Correct
Incorrect, only admin role can use MC
Incorrect
Incorrect, only admin role can use MC
Unattempted
Incorrect, only admin role can use MC
Question 34 of 50
34. Question
MC runs un-configured in standalone mode by default. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 35 of 50
35. Question
The Monitoring Console does not come with preconfigured health checks. Correct or Incorrect?
Correct
Incorrect, MC does come with preconfigured health checks
Incorrect
Incorrect, MC does come with preconfigured health checks
Unattempted
Incorrect, MC does come with preconfigured health checks
Question 36 of 50
36. Question
Health checks can be disabled, modified, created and exported. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 37 of 50
37. Question
Splunk Enterprise versions 6.5+ provides warnings, but does not disable searching during the violation period. Correct or Incorrect?
Correct
Incorrect
Unattempted
Question 38 of 50
38. Question
Which setting in indexes.conf allows data retention to be controlled by time?
If you want a role that is “like“ the user role, but with some capabilities turned off, you can create a new role that inherits from the user role, then remove some capabilities. Correct or Incorrect?
Correct
Incorrect, you have to create a new role, since you cannot turn off capabilities when inheriting from a user.
Incorrect
Incorrect, you have to create a new role, since you cannot turn off capabilities when inheriting from a user.
Unattempted
Incorrect, you have to create a new role, since you cannot turn off capabilities when inheriting from a user.
Question 40 of 50
40. Question
In case of a conflict between a whitelist and a blacklist input setting, which one is used?
This file has been manually created on a universal forwarder: /opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf [monitor:///var/log/messages] sourcetype=syslog index=syslog A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file: /opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf [monitor:///var/log/maillog] sourcetype=maillog index=syslog Which file is now monitored?
You update a props.conf file while Splunk is running. You do not restart Splunk and you run this command: splunk btool props list ′“-debug. What will the output be?