Splunk Cloud Certified Admin v1.0

Page:    1 / 4   
Exam contains 60 questions

For the following data, what would be the correct attribute/value pair to use to successfully extract the correct timestamp from all the events?

  • A. TIME_FORMAT = %b %d %H:%M:%S %z
  • B. DATETIME_CONFIG = %Y-%m-%d %H:%M:%S %z
  • C. TIME_FORMAT = %b %d %H:%M:%S
  • D. DATETIME_CONFIG = %b %d %H:%M:%S


Answer : C

Which monitor statement will retrieve only files that start with “access” in the directory /opt/log/www2/?

  • A. [monitor:///opt/log/.../access]
  • B. [monitor:///opt/log/www2/access*]
  • C. [monitor:///opt/log/www2/]
  • D. [monitor:///opt/log/.../]


Answer : B

Which of the following methods is valid for creating index-time field extractions?

  • A. Use the UI to create a sourcetype, specify the field name and corresponding regular expression with capture statement.
  • B. Create a configuration app with the index-time props.conf and/or transforms.conf, and upload the app via UI.
  • C. Use the CLI app to define settings in fields.conf, and restart Splunk Cloud.
  • D. Use the rex command to extract the desired field, and then save as a calculated field.


Answer : B

Which of the following statements regarding apps in Splunk Cloud is true?

  • A. Self-service install of premium apps is possible.
  • B. Only Cloud certified and vetted apps are supported.
  • C. Any app that can be deployed in an on-prem Splunk Enterprise environment is also supported on Splunk Cloud.
  • D. Self-service install is available for all apps on Splunkbase.


Answer : B

When using Splunk Universal Forwarders, which of the following is true?

  • A. No more than six Universal Forwarders may connect directly to Splunk Cloud.
  • B. Any number of Universal Forwarders may connect directly to Splunk Cloud.
  • C. Universal Forwarders must send data to an Intermediate Forwarder.
  • D. There must be one Intermediate Forwarder for every three Universal Forwarders.


Answer : B

In which of the following situations should Splunk Support be contacted?

  • A. When a custom search needs tuning due to not performing as expected.
  • B. When an app on Splunkbase indicates Request Install.
  • C. Before using the delete command.
  • D. When a new role that mirrors sc_admin is required.


Answer : B

Which of the following is not a path used by Splunk to execute scripts?

  • A. SPLUNK_HOME/etc/system/bin
  • B. SPLUNK_HOME/etc/apps/<app_name>/bin
  • C. SPLUNK_HOME/etc/scripts/local
  • D. SPLUNK_HOME/bin/scripts


Answer : C

Which of the following statements is true about data transformations using SEDCMD?

  • A. Can only be used to mask or truncate raw data.
  • B. Configured in props.conf and transforms.conf.
  • C. Can be used to manipulate the sourcetype per event.
  • D. Operates on a REGEX pattern match of the source, sourcetype, or host of an event.


Answer : B

Consider the following configurations:

What is the value of the sourcetype property for this stanza based on Splunk’s configuration file precedence?

  • A. NULL, or unset, due to configuration conflict
  • B. access_combined
  • C. linux_secure
  • D. linux_secure, access_combined


Answer : C

Which of the following lists all parameters supported by the acceptFrom argument?

  • A. IPv4, IPv6, CIDRs, DNS names, Wildcards
  • B. IPv4, IPv6, CIDRs, DNS names
  • C. CIDRs, DNS names, Wildcards
  • D. IPv4, CIDRs, DNS names, Wildcards


Answer : A

Which of the following tasks is not managed by the Splunk Cloud administrator?

  • A. Forwarding events to Splunk Cloud.
  • B. Upgrading the indexer’s Splunk software.
  • C. Managing knowledge objects.
  • D. Creating users and roles.


Answer : B

What is a private app?

  • A. An app where only a specific role has read and write access.
  • B. An app that is only viewable by a specific user.
  • C. An app that is created and used only by a specific organization.
  • D. An app where only a specific role has read access.


Answer : C

Which of the following is true when using Intermediate Forwarders?

  • A. Intermediate Forwarders may be a mix of Universal and Heavy Forwarders.
  • B. All Intermediate Forwarders must be Heavy Forwarders.
  • C. Intermediate Forwarders may be Universal Forwarders or Heavy Forwarders, but may not be mixed.
  • D. All Intermediate Forwarders must be Universal Forwarders.


Answer : A

Which of the following is a valid stanza in props.conf?

  • A. [sourcetype::linux_secure]
  • B. [host=nyc25]
  • C. [host::nyc*]
  • D. [host=nyc*]


Answer : C

Which of the following is not considered a best practice for the deployment server?

  • A. Create small, single-purpose deployment apps.
  • B. Dedicate a Splunk instance as the deployment server.
  • C. Use a Linux server as the deployment server.
  • D. Create large, multi-purpose deployment apps.


Answer : D

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926