Splunk SPLK-1003 Exam Practice Test Instant Access

Question 1

An admin is running the latest version of Splunk with a 500 GB license. The current daily volume of new data

is 300 GB per day. To minimize license issues, what is the best way to add 10 TB of historical data to the

index?

ABuy a bigger Splunk license.

BAdd 2.5 TB each day for the next 5 days.

CAdd all 10 TB in a single 24 hour period.

DAdd 200 GB of historical data each day for 50 days.

Answer : C

https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/Aboutlicenseviolations

'An Enterprise license stack with a license volume of 100 GB of data per day or more does not currently violate.'

Question 2

What is the correct order of steps in Duo Multifactor Authentication?

A1 Request Login
2. Connect to SAML server
3 Duo MFA
4 Create User session
5 Authentication Granted 6. Log into Splunk

B1. Request Login 2 Duo MFA
3. Authentication Granted 4 Connect to SAML server
5. Log into Splunk
6. Create User session

C1 Request Login
2 Check authentication / group mapping
3 Authentication Granted
4. Duo MFA
5. Create User session
6. Log into Splunk

D1 Request Login 2 Duo MFA
3. Check authentication / group mapping
4 Create User session
5. Authentication Granted
6 Log into Splunk

Answer : C

Using the provided DUO/Splunk reference URL https://duo.com/docs/splunk

Scroll down to the Network Diagram section and note the following 6 similar steps

1 - SPlunk connection initiated

2 - Primary authentication

3 - Splunk connection established to Duo Security over TCP port 443

4 - Secondary authentication via Duo Security's service

5 - Splunk receives authentication response

6 - Splunk session logged in.

Question 3

Which optional configuration setting in inputs .conf allows you to selectively forward the data to specific indexer(s)?

A_TCP_ROUTING

B_INDEXER_LIST

C_INDEXER_GROUP

D_INDEXER ROUTING

Answer : A

https://docs.splunk.com/Documentation/Splunk/7.0.3/Forwarding/Routeandfilterdatad#Perform_selective_indexing_and_forwarding

Specifies a comma-separated list of tcpout group names. Use this setting to selectively forward your data to specific indexers by specifying the tcpout groups that the forwarder should use when forwarding the data. Define the tcpout group names in the outputs.conf file in [tcpout:<tcpout_group_name>] stanzas. The groups present in defaultGroup in [tcpout] stanza in the outputs.conf file.

Question 4

Which parent directory contains the configuration files in Splunk?

ASSFLUNK_HOME/etc

BSSPLUNK_HOME/var

CSSPLUNK_HOME/conf

DSSPLUNK_HOME/default

Answer : A

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Configurationfiledirectories

Section titled, Configuration file directories, states 'A detailed list of settings for each configuration file is provided in the .spec file names for that configuration file. You can find the latest version of the .spec and .example files in the $SPLUNK_HOME/etc system/README folder of your Splunk Enterprise installation...'

Question 5

The universal forwarder has which capabilities when sending data? (select all that apply)

ASending alerts

BCompressing data

CObfuscating/hiding data

DIndexer acknowledgement

Answer : B, D

https://docs.splunk.com/Documentation/Splunk/8.0.1/Forwarding/Aboutforwardingandreceivingdata

https://docs.splunk.com/Documentation/Forwarder/8.1.1/Forwarder/Configureforwardingwithoutputs.conf#:~:text=compressed%3Dtrue%20This%20tells%20the,the%20forwarder%20sends%20raw%20data.

Question 6

Where can scripts for scripted inputs reside on the host file system? (select all that apply)

A$SFLUNK_HOME/bin/scripts

B$SPLUNK_HOME/etc/apps/bin

C$SPLUNK_HOME/etc/system/bin

D$S?LUNK_HOME/etc/apps/<your_app>/bin_

Answer : A, C, D

'Where to place the scripts for scripted inputs. The script that you refer to in $SCRIPT can reside in only one of the following places on the host file system:

$SPLUNK_HOME/etc/system/bin

$SPLUNK_HOME/etc/apps/<your_App>/bin

$SPLUNK_HOME/bin/scripts

As a best practice, put your script in the bin/ directory that is nearest to the inputs.conf file that calls your script on the host file system.'

Question 7

Which of the following is the use case for the deployment server feature of Splunk?

AManaging distributed workloads in a Splunk environment.

BAutomating upgrades of Splunk forwarder installations on endpoints.

COrchestrating the operations and scale of a containerized Splunk deployment.

DUpdating configuration and distributing apps to processing components, primarily forwarders.

Answer : D

https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Aboutdeploymentserver

'The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances.'

Splunk SPLK-1003 Splunk Enterprise Certified Admin Exam Practice Test