SPLK-1003 Free Practice Test

Which option accurately describes the purpose of the HTTP Event Collector (HEC)?

1. A. A token-based HTTP input that is secure and scalable and that requires the use of forwarders.
2. B. A token-based HTTP input that is secure and scalable and that does not require the use of forwarders.
3. C. An agent-based HTTP input that is secure and scalable and that does not require the use of forwarders.
4. D. A token-based HTTP input that is insecure and non-scalable and that does not require the use of forwarders.

Correct Answer: B
Reference: http://dev.splunk.com/view/event-collector/SP-CAAAE6M

User role inheritance allows what to be inherited from the parent role? (Select all that apply.)

1. A. Parents
2. B. Capabilities
3. C. Index access
4. D. Search history

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_capabilities

Which of the following apply to how distributed search works? (Select all that apply.)

1. A. The search head dispatches searches to the peers.
2. B. The search peers pull the data from the forwarders.
3. C. Peers run searches in parallel and return their portion of results.
4. D. The search head consolidates the individual results and prepares reports.

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/Whatisdistributedsearch

What is required when adding a native user to Splunk? (Select all that apply.)

1. A. Password
2. B. Username
3. C. Full Name
4. D. Default app

Correct Answer: CD
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Addandeditusers

When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?

1. A. Slash notation
2. B. Regular expression
3. C. Irregular expression
4. D. Wildcard-only expression

Correct Answer: B
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Filterclients