SPLK-1003 Free Practice Test

Which of the following apply to how distributed search works? (Select all that apply.)

1. A. The search head dispatches searches to the peers.
2. B. The search peers pull the data from the forwarders.
3. C. Peers run searches in parallel and return their portion of results.
4. D. The search head consolidates the individual results and prepares reports.

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/Whatisdistributedsearch

What is required when adding a native user to Splunk? (Select all that apply.)

1. A. Password
2. B. Username
3. C. Full Name
4. D. Default app

Correct Answer: CD
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Addandeditusers

When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?

1. A. Slash notation
2. B. Regular expression
3. C. Irregular expression
4. D. Wildcard-only expression

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Filterclients

Within props.conf, which stanzas are valid for data modification? (Select all that apply.)

1. A. Host
2. B. Server
3. C. Source
4. D. Sourcetype

Correct Answer: CD
Reference: https://answers.splunk.com/answers/3687/host-stanza-in-props-conf-not-being-honored-for-udp-514-data-sources.html