Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Splunk SPLK-1003 Based on Real Exam Environment

Page: 3 / 15
Total 206 questions

Splunk Enterprise Certified Admin Questions and Answers

Question 9

Where are deployment server apps mapped to clients?

Options:

A.

Apps tab in forwarder management interface or clientapps.conf.

B.

Clients tab in forwarder management interface or deploymentclient.conf.

C.

Server Classes tab in forwarder management interface or serverclass.conf.

D.

Client Applications tab in forwarder management interface or clientapps.conf.

Question 10

How does the Monitoring Console monitor forwarders?

Options:

A.

By pulling internal logs from forwarders.

B.

By using the forwarder monitoring add-on

C.

With internal logs forwarded by forwarders.

D.

With internal logs forwarded by deployment server.

Question 11

Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as

follows: 123-44-5678.

Which configuration file and stanza pair will mask possible SSNs in the log events?

Options:

A.

props.conf[mask-SSN]REX = (?ms)^(.)\ < [SSN > \d{3}-?\d{2}-?(\d{4}.*)$ " FORMAT = $1 < SSN > ###-##-$2KEY = _raw

B.

props.conf[mask-SSN]REGEX = (?ms)^(.)\ < [SSN > \d{3}-?\d{2}-?(\d{4}.*)$ " FORMAT = $1 < SSN > ###-##-$2DEST_KEY = _raw

C.

transforms.conf[mask-SSN]REX = (?ms)^(.)\ < [SSN > \d{3}-?\d{2}-?(\d{4}.*)$ " FORMAT = $1 < SSN > ###-##-$2DEST_KEY = _raw

D.

transforms.conf[mask-SSN]REGEX = (?ms)^(.)\ < [SSN > \d{3}-?\d{2}-?(\d{4}.*)$ " FORMAT = $1 < SSN > ###-##-$2DEST_KEY = _raw

Question 12

TheLINE_BREAKERattribute is configured in which configuration file?

Options:

A.

props.conf

B.

indexes.conf

C.

inpucs.conf

D.

transforms.conf

Page: 3 / 15
Total 206 questions