Splunk Certified Admin Dump Exam 2023 Answered
Complete
Within props.conf, which stanzas are valid for data modification? (select all that
apply)
A. Host
B. Server
C. Source
D. Sourcetype
ANSWER: ACD
The universal forwarder has which capabilities when sending data?
A. Sending alerts
B. Compressing Data
C. Obfuscating/hiding data
D. Indexer acknowledgement
ANSWER: BD
When running the command show below, what is the default path in which
deployment server.conf is created?
splunk set deploy-poll deployServer:port
A. SPLUNK_HOME/etc/deployment
B. SPLUNK_HOME/etc/system/local
C. SPLUNK_HOME/etc/system/default
D. SPLUNK_HOME/etc/apps/deployment
ANSWER: B
What type of data is counted against the Enterprise license at a fixed 150 bytes
per event?
A. License data
B. Metrics data
C. Internal Splunk data
D. Internal Windows logs
ANSWER: B
In case of a conflict between a whitelist and a blacklist input settings, which one
is used?
A. Blacklist
B. Whitelist
C. They cancel each other out
D. Whichever is entered into the configuration first
ANSWER: A
, Where are license files stored?
A. $SPLUNK_HOME/etc/secure
B. $SPLUNK_HOME/etc system
C. $SPLUNK_HOME/etc/licenses
D. $SPLUNK_HOME/etc/apps/licenses
ANSWER: C
In this source definition the MAX_TIMESTAMP_LOOKHEAD is missing. Which
value would fit best?
[sshd_syslog]
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N %z
LINE_BREAKER = ([\r\n]+)\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
SHOULD_LINEMERGE = false
TRUNCATE = 0
A. MAX_TIMESTAMP_LOCKAHEAD = 5
B. MAX_TIMESTAMP_LOOKAHEAD - 10
C. MAX_TIMESTAMP_LOOKHEAD = 20
D. MAX TIMESTAMP LOOKAHEAD - 30
ANSWER: D
Which forwarder type can parse data prior to forwarding?
A. Universal Forwarder
B. Heaviest forwarder
C. Hyper forwarder
D. Heavy forwarder
ANSWER: D
Which Splunk indexer operating system platform is supported when sending logs
from a Windows universal forwarder?
A. Any OS platform
B. Linux platform only
C. Windows platform only
D. None of the above
ANSWER: A
When deploying apps, which attribute in the forwarder management interface
determines the apps that clients install?
A. App Class
B. Client Class
C. Server Class
D. Forwarder Class
ANSWER: C
Complete
Within props.conf, which stanzas are valid for data modification? (select all that
apply)
A. Host
B. Server
C. Source
D. Sourcetype
ANSWER: ACD
The universal forwarder has which capabilities when sending data?
A. Sending alerts
B. Compressing Data
C. Obfuscating/hiding data
D. Indexer acknowledgement
ANSWER: BD
When running the command show below, what is the default path in which
deployment server.conf is created?
splunk set deploy-poll deployServer:port
A. SPLUNK_HOME/etc/deployment
B. SPLUNK_HOME/etc/system/local
C. SPLUNK_HOME/etc/system/default
D. SPLUNK_HOME/etc/apps/deployment
ANSWER: B
What type of data is counted against the Enterprise license at a fixed 150 bytes
per event?
A. License data
B. Metrics data
C. Internal Splunk data
D. Internal Windows logs
ANSWER: B
In case of a conflict between a whitelist and a blacklist input settings, which one
is used?
A. Blacklist
B. Whitelist
C. They cancel each other out
D. Whichever is entered into the configuration first
ANSWER: A
, Where are license files stored?
A. $SPLUNK_HOME/etc/secure
B. $SPLUNK_HOME/etc system
C. $SPLUNK_HOME/etc/licenses
D. $SPLUNK_HOME/etc/apps/licenses
ANSWER: C
In this source definition the MAX_TIMESTAMP_LOOKHEAD is missing. Which
value would fit best?
[sshd_syslog]
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N %z
LINE_BREAKER = ([\r\n]+)\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
SHOULD_LINEMERGE = false
TRUNCATE = 0
A. MAX_TIMESTAMP_LOCKAHEAD = 5
B. MAX_TIMESTAMP_LOOKAHEAD - 10
C. MAX_TIMESTAMP_LOOKHEAD = 20
D. MAX TIMESTAMP LOOKAHEAD - 30
ANSWER: D
Which forwarder type can parse data prior to forwarding?
A. Universal Forwarder
B. Heaviest forwarder
C. Hyper forwarder
D. Heavy forwarder
ANSWER: D
Which Splunk indexer operating system platform is supported when sending logs
from a Windows universal forwarder?
A. Any OS platform
B. Linux platform only
C. Windows platform only
D. None of the above
ANSWER: A
When deploying apps, which attribute in the forwarder management interface
determines the apps that clients install?
A. App Class
B. Client Class
C. Server Class
D. Forwarder Class
ANSWER: C
