New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Splunk SPLK-1003 - Splunk Enterprise Certified Admin

Splunk SPLK-1003 Premium Access     Download Demo    
Page: 3 / 6
Total 202 questions

Which Splunk forwarder has a built-in license?

A.

Light forwarder

B.

Heavy forwarder

C.

Universal forwarder

D.

Cloud forwarder

Which Splunk indexer operating system platform is supported when sending logs from a Windows universal forwarder?

A.

Any OS platform

B.

Linux platform only

C.

Windows platform only.

D.

None of the above.

To set up a Network input in Splunk, what needs to be specified'?

A.

File path.

B.

Username and password

C.

Network protocol and port number.

D.

Network protocol and MAC address.

What hardware attribute would need to be changed to increase the number of simultaneous searches (ad-hoc and scheduled) on a single search head?

A.

Disk

B.

CPUs

C.

Memory

D.

Network interface cards

Which authentication methods are natively supported within Splunk Enterprise? (select all that apply)

A.

LDAP

B.

SAML

C.

RADIUS

D.

Duo Multifactor Authentication

What happens when the same username exists in Splunk as well as through LDAP?

A.

Splunk user is automatically deleted from authentication.conf.

B.

LDAP settings take precedence.

C.

Splunk settings take precedence.

D.

LDAP user is automatically deleted from authentication.conf

An admin oversees an environment with a 1000 GBI day license. The configuration file

server.conf has strict pool quota=false set. The license is divided into the following three pools, and today's usage is shown on the right-hand column:

PoolLicense SizeToday's usage

X500 GB/day100 GB

Y350 GB/day400 GB

Z150 GB/day300 GB

Given this, which pool(s) are issued warnings?

A.

All pools

B.

Z only

C.

None

D.

Y and Z

Which is a valid stanza for a network input?

A.

[udp://172.16.10.1:9997]connection = dnssourcetype = dns

B.

[any://172.16.10.1:10001]connection_host = ipsourcetype = web

C.

[tcp://172.16.10.1:9997]connection_host = websourcetype = web

D.

[tcp://172.16.10.1:10001]connection_host = dnssourcetype = dns

Which scenario is applicable given the stanzas in authentication.conf below?

[authentication]

externalTwoFactorAuthVendor = Duo

externalTwoFactorAuthSettings = duoMFA

[duoMFA]

integrationKey = aGFwcHliaXJ0aGRheU1pZGR5

secretKey = YXVzdHJhaWxpYW5Gb3JHcmVw

applicationKey = c3BsaW5raW5ndGhlcGx1bWJ1c3NpbmN1OTU

apiHostname = 466993018.duosecurity.com

failOpen = True

timeout = 60

A.

If Splunk cannot connect to the multifactor authentication provider, all logins will be denied.

B.

Multifactor authentication is required to log into the host operating system.

C.

The secretKey does not need to be protected since multifactor authentication is turned on.

D.

If Splunk cannot connect to the multifactor authentication provider, authentications will be successful without completing a multifactor challenge.

When would the following command be used?

A.

To verify' the integrity of a local index.

B.

To verify the integrity of a SmartStore index.

C.

To verify the integrity of a SmartStore bucket.

D.

To verify the integrity of a local bucket.