SPLUNK ADMIN EXAM QUESTIONS WITH CORRECT ANSWERS
Which index contains checkpoint info for file monitoring inputs?
a) _internal
b) _thefishbucket
c) summary
d) main -- Correct Answer ✔✔ b) _thefishbucket
Which index contains Splunk's own logs and metrics from its processing?
a) _internal
b) _thefishbucket
c) summary
d) main -- Correct Answer ✔✔ a) _internal
Which index is the default index for inputs, located in the defaultdb directory?
a) _internal
b) _thefishbucket
c) summary
d) main -- Correct Answer ✔✔ d) main
Which of the following protocols are not supported for indexing metrics?
a) StatsD over UDP/TCP
b) FTP
c) StatsD with dimensions over UDP/TCP
d) Collectd over HTTPS using HTTP Event Collector (HEC) -- Correct Answer ✔✔ b) FTP
Which of the following are reasons for creating separate indexes?
a) To test data loading prior to production.
b) To allow for separate retention durations.
c) To enable role-based access control.
d) To create separate license pools. -- Correct Answer ✔✔ a, b, c
Which directory stores hot & warm buckets for an index?
a) colddb
b) db
c) thaweddb
d) defaultdb -- Correct Answer ✔✔ b) db
Which directory stores buckets restored from archive for an index?
a) colddb
b) db
c) thaweddb
d) defaultdb -- Correct Answer ✔✔ c) thaweddb
Which bucket has the oldest data still in the index that is read only?
a) hot
b) warm
c) cold
d) frozen -- Correct Answer ✔✔ c) cold
Which bucket is the only bucket open for writes and is also readable?
a) hot
b) warm
c) cold
d) frozen -- Correct Answer ✔✔ a) hot
Which bucket is used for archiving data and is not searchable?
a) hot
b) warm
c) cold
d) frozen -- Correct Answer ✔✔ d) frozen
Which bucket has recent data that is read only?
a) hot
b) warm
c) cold
d) frozen -- Correct Answer ✔✔ b) warm
Which of the following will cause a hot bucket to be closed and converted to warm status?
a) When a frozen bucket is thawed.
b) When a hot bucket reaches its max size.
c) When the indexer is restarted.
d) When a hot bucket reaches its max time span. -- Correct Answer ✔✔ b, c, d
Which of the following are true statements about splunkd?
a) It spawns and controls Splunk child processes
b) It runs on port 8089 by default
c) It handles all search requests and returns results
d) It accesses, processes and indexes incoming data -- Correct Answer ✔✔ All are true
What provides a browser-based front end for search and Splunk management?
a) Universal Forwarder
b) Heavy Forwarder
c) splunkd
d) Splunk Web -- Correct Answer ✔✔ d) Splunk Web
Which splunk CLI command is used to display the details of a specific object?