Notes: Hi all, Splunk Enterprise Certified Admin SPLK-1003 Practice Exam Part 2 will familiarize you with types of questions you may encounter on the certification exam and help you determine your readiness or if you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam as the actual exam is longer and covers a wider range of topics. We highly recommend you should take Splunk Enterprise Certified Admin SPLK-1003 Actual Exam Version because it include real questions and highlighted answers are collected in our exam. It will help you pass exam in easier way.
16. When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?
A. Slash notation
B. Regular expression
C. Irregular expression
D. Wildcard-only expression
17. What is required when adding a native user to Splunk? (Choose all that apply.)
A. Password
B. Username
C. Full Name
D. Default app
18. What are the minimum required settings when creating a network input in Splunk?
A. Protocol, port number
B. Protocol, port, location
C. Protocol, username, port
D. Protocol, IP, port number
19. Which Splunk component requires a Forwarder license?
A. Search head
B. Heavy forwarder
C. Heaviest forwarder
D. Universal forwarder
20. Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?
A. _TCP_ROUTING
B. _INDEXER_LIST
C. _INDEXER_GROUP
D. _INDEXER_ROUTING
21. To set up a network input in Splunk, what needs to be specified?
A. File path.
B. Username and password.
C. Network protocol and port number.
D. Network protocol and MAC address.
22. Which Splunk forwarder type allows parsing of data before forwarding to an indexer?
A. Universal forwarder
B. Parsing forwarder
C. Heavy forwarder
D. Advanced forwarder
23. Which of the following statements describe deployment management? (Choose all that apply.)
A. Requires an Enterprise license.
B. Is responsible for sending apps to forwarders.
C. Once used, is the only way to manage forwarders.
D. Can automatically restart the host OS running the forwarder.
24. During search time, which directory of configuration files has the highest precedence?
A. $SPLUNK_HOME/etc/system/local
B. $SPLUNK_HOME/etc/system/default
C. $SPLUNK_HOME/etc/apps/app1/local
D. $SPLUNK_HOME/etc/users/admin/local
25. Within props.conf, which stanzas are valid for data modification? (Choose all that apply.)
A. Host
B. Server
C. Source
D. Sourcetype
26. What is the correct order of steps in Duo Multi Factor Authentication?
A. 1. Request Login 2. Connect to SAML server 3. Duo MFA 4. Create User session 5. Authentication Granted 6. Log into Splunk
B. 1. Request Login 2. Duo MFA 3. Authentication Granted 4. Connect to SAML server 5. Log into Splunk 6. Create User session
C. 1. Request Login 2. Check authentication / group mapping 3. Authentication Granted 4. Duo MFA 5. Create User session 6. Log into Splunk
D. 1. Request Login 2. Duo MFA 3. Check authentication / group mapping 4. Create User session 5. Authentication Granted 6. Log into Splunk
27. Where can scripts for scripted inputs reside on the host file system? (Choose all that apply.)
A. $SPLUNK_HOME/bin/scripts
B. $SPLUNK_HOME/etc/apps/bin
C. $SPLUNK_HOME/etc/system/bin
D. $SPLUNK_HOME/etc/apps//bin
28. How does the Monitoring Console monitor forwarders?
A. By pulling internal logs from forwarders.
B. By using the forwarder monitoring add-on.
C. With internal logs forwarded by forwarders.
D. With internal logs forwarded by deployment server.
29. What options are available when creating custom roles? (Choose all that apply.)
A. Restrict search terms.
B. Whitelist search terms.
C. Limit the number of concurrent search jobs.
D. Allow or restrict indexes that can be searched.
30. Which of the following are supported options when configuring optional network inputs?
A. Metadata override, sender filtering options, network input queues (quantum queues)
B. Metadata override, sender filtering options, network input queues (memory/persistent queues)
C. Filename override, sender filtering options, network output queues (memory/persistent queues)
D. Metadata override, receiver filtering options, network input queues (memory/persistent queues)