An admin is running the latest version of Splunk with a 500 GB license. The current daily volume of new data
is 300 GB per day. To minimize license issues, what is the best way to add 10 TB of historical data to the
index?
Answer : C
https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/Aboutlicenseviolations
'An Enterprise license stack with a license volume of 100 GB of data per day or more does not currently violate.'
What is the correct order of steps in Duo Multifactor Authentication?
Answer : C
Using the provided Duo/Splunk reference URL https://duo.com/docs/splunk,
scroll down to the Network Diagram section and note the following 6 similar steps:
1 - Splunk connection initiated
2 - Primary authentication
3 - Splunk connection established to Duo Security over TCP port 443
4 - Secondary authentication via Duo Security's service
5 - Splunk receives authentication response
6 - Splunk session logged in.
Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?
Answer : A
Specifies a comma-separated list of tcpout group names. Use this setting to selectively forward your data to specific indexers by specifying the tcpout groups that the forwarder should use when forwarding the data. Define the tcpout group names in the outputs.conf file in [tcpout:<tcpout_group_name>] stanzas. Default: the groups present in defaultGroup in the [tcpout] stanza in the outputs.conf file.
Which parent directory contains the configuration files in Splunk?
Answer : A
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Configurationfiledirectories
The section titled "Configuration file directories" states: 'A detailed list of settings for each configuration file is provided in the .spec file named for that configuration file. You can find the latest version of the .spec and .example files in the $SPLUNK_HOME/etc/system/README folder of your Splunk Enterprise installation...'
The universal forwarder has which capabilities when sending data? (select all that apply)
Where can scripts for scripted inputs reside on the host file system? (select all that apply)
Answer : A, C, D
'Where to place the scripts for scripted inputs. The script that you refer to in $SCRIPT can reside in only one of the following places on the host file system:
$SPLUNK_HOME/etc/system/bin
$SPLUNK_HOME/etc/apps/<your_App>/bin
$SPLUNK_HOME/bin/scripts
As a best practice, put your script in the bin/ directory that is nearest to the inputs.conf file that calls your script on the host file system.'
Which of the following is the use case for the deployment server feature of Splunk?
Answer : D
https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Aboutdeploymentserver
'The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances.'