Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Splunk SPLK-3003 - Splunk Core Certified Consultant

Page: 1 / 3
Total 85 questions

In preparation for the deployment of a new environment for a customer, which of the following mappings are correct per PS best practices?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Consider the scenario where the /var/log directory contains the files secure, messages, cron, audit. A customer has created the following inputs.conf stanzas in the same Splunk app in order to attempt to monitor the files secure and messages:

Which file(s) will actually be actively monitored?

A.

/var/log/secure

B.

/var/log/messages

C.

/var/log/messages, /var/log/cron, /var/log/audit, /var/log/secure

D.

/var/log/secure, /var/log/messages

Data can be onboarded using apps, Splunk Web, or the CLI.

Which is the PS preferred method?

A.

Create UDP input port 9997 on a UF.

B.

Use the add data wizard in Splunk Web.

C.

Use the inputs.conf file.

D.

Use a scripted input to monitor a log file.

When using SAML, where does user authentication occur?

A.

Splunk generates a SAML assertion that authenticates the user.

B.

The Service Provider (SP) decodes the SAML request and authenticates the user.

C.

The Identity Provider (IDP) decodes the SAML request and authenticates the user.

D.

The Service Provider (SP) generates a SAML assertion that authenticates the user.

What does Splunk do when it indexes events?

A.

Extracts the top 10 fields.

B.

Extracts metadata fields such as host, source, source type.

C.

Performs parsing, merging, and typing processes on universal forwarders.

D.

Create report acceleration summaries.

Which of the following processor occur in the indexing pipeline?

A.

tcp out, syslog out

B.

Regex replacement, annotator

C.

Aggregator

D.

UTF-8, linebreaker, header

In which of the following scenarios is a subsearch the most appropriate?

A.

When joining results from multiple indexes.

B.

When dynamically filtering hosts.

C.

When filtering indexed fields.

D.

When joining multiple large datasets.

Which of the following statements applies to indexer discovery?

A.

The Cluster Master (CM) can automatically discover new indexers added to the cluster.

B.

Forwarders can automatically discover new indexers added to the cluster.

C.

Deployment servers can automatically configure new indexers added to the cluster.

D.

Search heads can automatically discover new indexers added to the cluster.

A customer would like to remove the output_file capability from users with the default user role to stop them from filling up the disk on the search head with lookup files. What is the best way to remove this capability from users?

A.

Create a new role without the output_file capability that inherits the default user role and assign it to the users.

B.

Create a new role with the output_file capability that inherits the default user role and assign it to the users.

C.

Edit the default user role and remove the output_file capability.

D.

Clone the default user role, remove the output_file capability, and assign it to the users.

Which of the following server roles should be configured for a host which indexes its internal logs locally?

A.

Cluster master

B.

Indexer

C.

Monitoring Console (MC)

D.

Search head