FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 3: Splunk Certified Developer

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

Multiple Choice

Review LaterAdd Note

Review Later

With authentication methods are natively supported within Splunk Enterprise? (Choose all that apply.)

A) LDAP
B) SAML
C) RADIUS
D) Duo Multifactor Authentication

Correct Answer

verified

A,D

Question 2

Multiple Choice

Review LaterAdd Note

Review Later

How would you configure your distsearch.conf to allow you to run the search below? sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON

A) [distributedSearch:NYC] default = false servers = nyc1:8089, nyc2:8089 [distributedSearch:HOUSTON] servers = houston1:8089, houston2:8089
B) [distributedSearch] servers =nyc1, nyc2, houston1, houston2 servers = nyc1, nyc2 servers = houston1, houston2
C) servers =nyc1:8089, nyc2:8089, houston1:8089, houston2:8089
D) servers =nyc1:8089; nyc2:8089; houston1:8089; houston2:8089 servers = nyc1:8089; nyc2:8089 servers = houston1:8089; houston2:8089

Correct Answer

verified

Show Answer

Question 3

Multiple Choice

Review LaterAdd Note

What are the minimum required settings when creating a network input in Splunk?

Which setting in indexes.conf allows data retention to be controlled by time?

Where are license files stored?

The universal forwarder has which capabilities when sending data? (Select all that apply.)

Within props.conf , which stanzas are valid for data modification? (Choose all that apply.)

Which is a valid stanza for a network input?

What is required when adding a native user to Splunk? (Choose all that apply.)

Which option accurately describes the purpose of the HTTP Event Collector (HEC) ?

The universal forwarder has which capabilities when sending data? (Choose all that apply.)

How can native authentication be disabled in Splunk?

The Splunk administrator wants to ensure data is distributed evenly amongst the indexers. To do this, he runs the following search over the last 24 hours: index=* What field can the administrator check to see the data distribution?

On the deployment server, administrators can map clients to server classes using client filters. Which of the following statements is accurate?

Which of the following are methods for adding inputs in Splunk? (Select all that apply.)

The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require multiple indexers. Following best practices, which types of Splunk component instances are needed?

Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)

Which of the following statements describe deployment management? (Select all that apply.)

Which of the following configuration files are used with a universal forwarder? (Choose all that apply.)

This file has been manually created on a universal forwarder: /opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf [monitor:///var/log/messages] sourcetype=syslog index=syslog A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file: /opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf [monitor:///var/log/maillog] sourcetype=maillog Which file is now monitored?