SPLUNK CERTIFIED ADMIN DUMP
EXAM QUESTIONS AND ANSWERS
Within props.conf, which stanzas are valid for data modification? (select all that apply)
A. Host
B. Server
C. Source
D. Sourcetype - Correct Answers -ANSWER: ACD
The universal forwarder has which capabilities when sending data?
A. Sending alerts
B. Compressing Data
C. Obfuscating/hiding data
D. Indexer acknowledgement - Correct Answers -ANSWER: BD
When running the command shown below, what is the default path in which deployment
server.conf is created?
splunk set deploy-poll deployServer:port
A. SPLUNK_HOME/etc/deployment
B. SPLUNK_HOME/etc/system/local
C. SPLUNK_HOME/etc/system/default
D. SPLUNK_HOME/etc/apps/deployment - Correct Answers -ANSWER: B
What type of data is counted against the Enterprise license at a fixed 150 bytes per
event?
A. License data
B. Metrics data
C. Internal Splunk data
D. Internal Windows logs - Correct Answers -ANSWER: B
In case of a conflict between whitelist and blacklist input settings, which one is
used?
A. Blacklist
B. Whitelist
C. They cancel each other out
D. Whichever is entered into the configuration first - Correct Answers -ANSWER: A
Where are license files stored?
A. $SPLUNK_HOME/etc/secure
B. $SPLUNK_HOME/etc/system
C. $SPLUNK_HOME/etc/licenses
D. $SPLUNK_HOME/etc/apps/licenses - Correct Answers -ANSWER: C
In this source definition the MAX_TIMESTAMP_LOOKAHEAD is missing. Which value
would fit best?
[sshd_syslog]
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N %z
LINE_BREAKER = ([\r\n]+)\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
SHOULD_LINEMERGE = false
TRUNCATE = 0
A. MAX_TIMESTAMP_LOOKAHEAD = 5
B. MAX_TIMESTAMP_LOOKAHEAD = 10
C. MAX_TIMESTAMP_LOOKAHEAD = 20
D. MAX_TIMESTAMP_LOOKAHEAD = 30 - Correct Answers -ANSWER: D
Which forwarder type can parse data prior to forwarding?
A. Universal Forwarder
B. Heaviest forwarder
C. Hyper forwarder
D. Heavy forwarder - Correct Answers -ANSWER: D
Which Splunk indexer operating system platform is supported when sending logs from a
Windows universal forwarder?
A. Any OS platform
B. Linux platform only
C. Windows platform only
D. None of the above - Correct Answers -ANSWER: A
When deploying apps, which attribute in the forwarder management interface
determines the apps that clients install?