Splunk SPLK-1003 Actual Questions

Splunk Enterprise Certified Admin Questions and Answers

Question 13

A Splunk administrator has been tasked with developing a retention strategy to have frequently accessed data sets on SSD storage and to have older, less frequently accessed data on slower NAS storage. They have set a mount point for the NAS. Which parameter do they need to modify to set the path for the older, less frequently accessed data in indexes.conf?

Options:

homepath

thawedPath

summaryHomePath

colddeath

Question 14

Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field resulting output: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

Event:

[22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309

Options:

SEDCMD-1acct = s/VendorID=\d{3}(\d{4})/VendorID=xxx/g

SEDCMD-xxxAcct = s/AcctID=\d{3}(\d{4})/AcctID=xxx/g

SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=\1xxx/g

SEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=xxx\1/g

Question 15

Where are license files stored?

Options:

$SPLUNK_HOME/etc/secure

$SPLUNK_HOME/etc/system

$SPLUNK_HOME/etc/licenses

$SPLUNK_HOME/etc/apps/licenses

Question 16

When Splunk is integrated with LDAP, which attribute can be changed in the Splunk UI for an LDAP user?

Options:

Default app

LDAP group

Password

Username

Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Splunk Enterprise Certified Admin Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce