Full Access Splunk SPLK-1003 Tutorials

Splunk Enterprise Certified Admin Questions and Answers

Question 17

Who provides the Application Secret, Integration, and Secret keys, as well as the API Hostname when setting

up Duo for Multi-Factor Authentication in Splunk Enterprise?

Options:

Duo Administrator

LDAP Administrator

SAML Administrator

Trio Administrator

Question 18

Which Splunk component does a search head primarily communicate with?

Options:

Indexer

Forwarder

Cluster master

Deployment server

Question 19

Which pathway represents where a network input in Splunk might be found?

Options:

$SPLUNK HOME/ etc/ apps/ ne two r k/ inputs.conf

$SPLUNK HOME/ etc/ apps/ $appName/ local / inputs.conf

$SPLUNK HOME/ system/ local /udp.conf

$SPLUNK HOME/ var/lib/ splunk/$inputName/homePath/

Answer:

Explanation:

The correct answer is B. The network input in Splunk might be found in the $SPLUNK_HOME/etc/apps/$appName/local/inputs.conf file.

A network input is a type of input that monitors data from TCP or UDP ports. To configure a network input, you need to specify the port number, the connection host, the source, and the sourcetype in the inputs.conf file. You can also set other optional settings, such as index, queue, and host_regex1.

The inputs.conf file is a configuration file that contains the settings for different types of inputs, such as files, directories, scripts, network ports, and Windows event logs. The inputs.conf file can be located in various directories, depending on the scope and priority of the settings. The most common locations are:

$SPLUNK_HOME/etc/system/default: This directory contains the default settings for all inputs. You should not modify or copy the files in this directory2.

$SPLUNK_HOME/etc/system/local: This directory contains the custom settings for all inputs that apply to the entire Splunk instance. The settings in this directory override the default settings2.

$SPLUNK_HOME/etc/apps/$appName/default: This directory contains the default settings for all inputs that are specific to an app. You should not modify or copy the files in this directory2.

$SPLUNK_HOME/etc/apps/$appName/local: This directory contains the custom settings for all inputs that are specific to an app. The settings in this directory override the default and system settings2.

Therefore, the best practice is to create or edit the inputs.conf file in the $SPLUNK_HOME/etc/apps/$appName/local directory, where $appName is the name of the app that you want to configure the network input for. This way, you can avoid modifying the default files and ensure that your settings are applied to the specific app.

The other options are incorrect because:

A. There is no network directory under the apps directory. The network input settings should be in the inputs.conf file, not in a separate directory.

C. There is no udp.conf file in Splunk. The network input settings should be in the inputs.conf file, not in a separate file. The system directory is not the recommended location for custom settings, as it affects the entire Splunk instance.

D. The var/lib/splunk directory is where Splunk stores the indexed data, not the input settings. The homePath setting is used to specify the location of the index data, not the input data. The inputName is not a valid variable for inputs.conf.

Question 20

Using the CLI on the forwarder, how could the current forwarder to indexer configuration be viewed?

Options:

splunk btool server list --debug

splunk list forward-indexer

splunk list forward-server

splunk btool indexes list --debug

Big Halloween Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Splunk Enterprise Certified Admin Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce