Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

SPLK-1003 Splunk Exam Lab Questions

Page: 11 / 15
Total 206 questions

Splunk Enterprise Certified Admin Questions and Answers

Question 41

Immediately after installation, what will a Universal Forwarder do first?

Options:

A.

Automatically detect any indexers in its subnet and begin routing data.

B.

Begin generating internal Splunk logs.

C.

Begin reading local files on its server.

D.

Send an email to the operator that the installation process has completed.

Question 42

Which of the following is true when authenticating users to Splunk using LDAP?

Options:

A.

LDAP group names must match the Splunk role name defined in authorize.conf.

B.

Splunk will search each LDAP strategy in the order in which they are listed in authentication.conf.

C.

Splunk only supports encrypted LDAP connections.

D.

LDAP will take precedence over local users with the same username as defined in etc/passwd.

Question 43

Within props. conf, which stanzas are valid for data modification? (select all that apply)

Options:

A.

Host

B.

Server

C.

Source

D.

Sourcetype

Question 44

A configuration file in a deployed app needs to be directly edited. Which steps would ensure a successful deployment to clients?

Options:

A.

Make the change in $SPLUNK HOME/etc/dep10yment apps/$appName/10ca1/ on the deployment server, and the change will be automatically sent to the deployment clients.

B.

Make the change in $SPLUNK HOME /etc/apps/$appname/local/ on any of the deployment clients, and then run the command . / splunk reload deploy-server to push that change to the deployment server.

C.

Make the change in $SPLUNK HOME/etc/dep10yment apps/$appName/10ca1/ on the deployment server, and then run $SPLUNK HOME/bin/sp1unk reload deploy—server.

D.

Make the change in $SPLUNK HOME/etc/apps/$appName/defau1t on the deployment server, and it will be distributed down to the clients ' own local versions.

Page: 11 / 15
Total 206 questions