
Question # 4

By default, which of the following capabilities are granted to the sc_admin role?

A.

indexes_edit, edit___token, admin_all_objects, delete_by_keyword

B.

indexes_edit, fsh_manage, acs_conf, list_indexesdiscovery

C.

indexes_edit, fsh_manage, admin_all_objects, can_delete

D.

indexes_edit, edit_token_http, admin_all_objects, edit_limits_conf

Question # 5

Which of the following statements regarding apps in Splunk Cloud is true?

A.

Self-service install of premium apps is possible.

B.

Only Cloud certified and vetted apps are supported.

C.

Any app that can be deployed in an on-prem Splunk Enterprise environment is also supported on Splunk Cloud.

D.

Self-service install is available for all apps on Splunkbase.

Question # 6

A customer wants to mask unstructured data before sending it to Splunk Cloud. Where should SEDCMD be configured for this?

A.

props.conf on a Splunk Cloud search head.

B.

props.conf on a Heavy Forwarder.

C.

transforms.conf on a Splunk Cloud indexer.

D.

props.conf on a Universal Forwarder.

Question # 7

In what scenarios would transforms.conf be used?

A.

Per-Event Index Routing, Applying Event Types, SEDCMD operations

B.

Per-Event Sourcetype, Per-Event Host Name, Per-Event Index Routing

C.

Per-Event Host Name, Per-Event Index Routing, SEDCMD operations

D.

Per-Event Sourcetype, Per-Event Index Routing, Applying Event Types

Question # 8

In Splunk Cloud, which of the following statements regarding REST API is true?

A.

REST API and Splunk HEC are on the same port.

B.

All REST API endpoints are open and available by default.

C.

REST API is not available in Splunk Cloud.

D.

A subset of REST API endpoints are enabled for customers to manage Splunk.

Question # 9

What information is identified during the input phase of the ingestion process?

A.

Line breaking and timestamp.

B.

A hash of the message payload.

C.

Metadata fields like sourcetype and host.

D.

SRC and DST IP addresses and ports.

Question # 10

A customer has worked with their LDAP administrator to configure an LDAP strategy in Splunk. The configuration works, and user Mia can log into Splunk using her LDAP Account. After some time, the Splunk Cloud administrator needs to move Mia from the user role to the power role. How should they accomplish this?

A.

Ask the LDAP administrator to move Mia's account to an appropriately mapped LDAP group.

B.

Have Mia log into Splunk, then update her own role in user settings.

C.

Create a role named Power in Splunk, then map Mia's account to that role.

D.

Use the Cloud Monitoring Console app as an administrator to map Mia's account to the power role.

Question # 11

Given the following set of files, which of the monitor stanzas below will result in Splunk monitoring all of the files ending with .log?

Files:

    /var/log/www1/secure.log
    /var/log/www1/access.log
    /var/log/www2/logs/secure.log
    /var/log/www2/access.log
    /var/log/www2/access.log.1

A.

[monitor:///var/log/*/*.log]

B.

[monitor:///var/log/.../*.log]

C.

[monitor:///var/log/*/*]

D.

[monitor:///var/log/.../*]

Question # 12

Which configuration shown is used to enable a forwarder as a deployment client of the server 10.1.2.3?

A.

[target-broker:deploymentServer] targetUri = 10.1.2.3:9997

B.

[target-broker:deploymentserver] targetUri = 10.1.2.3:8089

C.

[target-broker:deploymentserver] deploymentserver = 10.1.2.3:9997

D.

[target-broker:deploymentserver] deploymentserver = 10.1.2.3:8089

Question # 13

Which of the following would always require raising a support ticket?

A.

Capacity or configuration changes in Splunk Cloud.

B.

Search does not return expected results in Splunk Cloud.

C.

A user is unable to log into Splunk Cloud.

D.

Data is not indexed in Splunk Cloud.

Question # 14

Which of the following is a valid stanza in props.conf?

A.

[sourcetype::linux_secure]

B.

[host=nyc25]

C.

[host::nyc*]

D.

[host:nyc*]

Question # 15

A monitor has been created in inputs.conf for a directory that contains a mix of file types.

How would a Cloud Admin fine-tune assigned sourcetypes for different files in the directory during the input phase?

A.

On the Indexer parsing the data, leave sourcetype as automatic for the directory monitor. Then create a props.conf that assigns a specific sourcetype by source stanza.

B.

On the forwarder collecting the data, leave sourcetype as automatic for the directory monitor. Then create a props.conf that assigns a specific sourcetype by source stanza.

C.

On the Indexer parsing the data, set multiple sourcetype_source attributes for the directory monitor collecting the files. Then create a props.conf that filters out unwanted files.

D.

On the forwarder collecting the data, set multiple sourcetype_source attributes for the directory monitor collecting the files. Then create a props.conf that filters out unwanted files.

Question # 16

Files from multiple systems are being stored on a centralized log server. The files are organized into directories based on the original server they came from. Which of the following is a recommended approach for correctly setting the host values based on their origin?

A.

Use the host_segment setting.

B.

Set host = * in the monitor stanza.

C.

The host value cannot be dynamically set.

D.

Manually create a separate monitor stanza for each host, with the host = value set.

Question # 17

In which file can the SHOULD_LINEMERGE setting be modified?

A.

transforms.conf

B.

inputs.conf

C.

props.conf

D.

outputs.conf

Question # 18

Li was asked to create a Splunk configuration to monitor syslog files stored on Linux servers at their organization. This configuration will be pushed out to multiple systems via a Splunk app using the on-prem deployment server.

The system administrators have provided Li with a directory listing for the logging locations on three syslog hosts, which are representative of the file structure for all systems collecting this data. An example from each system is shown below:

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 19

Which of the following app installation scenarios can be achieved without involving Splunk Support?

A.

Deploy premium apps.

B.

Install apps via the Request Install button.

C.

Install apps via self-service.

D.

Install apps that have not gone through the vetting process.

Question # 20

Which of the following is an accurate statement about the delete command?

A.

The delete command removes events from disk.

B.

By default, only admins can run the delete command.

C.

Events are virtually deleted by marking them as deleted.

D.

Deleting events reclaims disk space.

Question # 21

Which of the following is a correct statement about Universal Forwarders?

A.

The Universal Forwarder must be able to contact the license master.

B.

A Universal Forwarder must connect to Splunk Cloud via a Heavy Forwarder.

C.

A Universal Forwarder can be an Intermediate Forwarder.

D.

The default output bandwidth is 500KBps.

Question # 22

When is data deleted from a Splunk Cloud index?

A.

When buckets roll to frozen, without a defined archive.

B.

When data is deleted via the Splunk Cloud Admin GUI.

C.

When TA_Delete is downloaded and enabled from SplunkBase.

D.

When the deleteindex command is executed from the CLI.

Question # 23

The following Apache access log is being ingested into Splunk via a monitor input:

How does Splunk determine the time zone for this event?

A.

The value of the TZ attribute in props.conf for the access_combined sourcetype.

B.

The value of the TZ attribute in props.conf for the my.webserver.example host.

C.

The time zone of the Heavy/Intermediate Forwarder with the monitor input.

D.

The time zone indicator in the raw event data.

Question # 24

Which of the following tasks is not managed by the Splunk Cloud administrator?

A.

Forwarding events to Splunk Cloud.

B.

Upgrading the indexer's Splunk software.

C.

Managing knowledge objects.

D.

Creating users and roles.
