SPLK-1003 Free Practice Test

The priority of layered Splunk configuration files depends on the file’s:

1. A. Owner
2. B. Weight
3. C. Context
4. D. Creation time

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.0/Admin/Wheretofindtheconfigurationfiles

In which scenario would a Splunk Administrator want to enable data integrity check when creating an index?

1. A. To ensure that hot buckets are still open for writers and have not been forced to roll to a cold state.
2. B. To ensure that configuration files have not been tampered with for auditing and/or legal purposes.
3. C. To ensure that user passwords have not been tampered with for auditing and/or legal purposes.
4. D. To ensure that data has not been tampered with for auditing and/or legal purposes.

Correct Answer: D
Reference: https://www.splunk.com/blog/2015/10/28/data-integrity-is-back-baby.html

How would you configure your distsearch.conf to allow you to run the search below?
sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON

1. A. [distributedSearch:NYC] default = false servers = nyc1:8089, nyc2:8089 [distributedSearch:HOUSTON] default = falseservers = houston1:8089, houston2:8089
2. B. [distributedSearch] servers =nyc1, nyc2, houston1, houston2 [distributedSearch:NYC] default = false servers = nyc1, nyc2 [distributedSearch:HOUSTON]default = false servers = houston1, houston2
3. C. [distributedSearch] servers =nyc1:8089, nyc2:8089, houston1:8089, houston2:8089[distributedSearch:NYC] default= false servers = nyc1:8089, nyc2:8089 [distributedSearch:HOUSTON]default = falseservers = houston1:8089, houston2:8089
4. D. [distributedSearch] servers =nyc1:8089; nyc2:8089; houston1:8089; houston2:8089[distributedSearch:NYC]default = false servers = nyc1:8089; nyc2:8089 [distributedSearch:HOUSTON] default = false servers = houston1:8089; houston2:8089

Correct Answer: D

What options are available when creating custom roles? (Select all that apply.)

1. A. Restrict search terms.
2. B. Whitelist search terms.
3. C. Limit the number of concurrent search jobs.
4. D. Allow or restrict indexes that can be searched.

Correct Answer: AD
Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Security/Aboutusersandroles

What are the minimum required settings when creating a network input in Splunk?

1. A. Protocol, port number
2. B. Protocol, port, location
3. C. Protocol, username, port
4. D. Protocol, IP, port number

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/UsetheHTTPEventCollector