Test 1 Flashcards
Which parent directory contains the configuration files in Splunk?
A. $SPLUNK_HOME/etc
B. $SPLUNK_HOME/var
C. $SPLUNK_HOME/conf
D. $SPLUNK_HOME/default
A. $SPLUNK_HOME/etc
Which forwarder type can parse data prior to forwarding?
A. Universal forwarder
B. Heaviest forwarder
C. Hyper forwarder
D. Heavy forwarder
D. Heavy forwarder
Which Splunk component consolidates the individual results and prepares reports in a distributed environment?
A. Indexers
B. Forwarder
C. Search head
D. Search peers
A. Indexers
Where should apps be located on the deployment server that the clients pull from?
A. $SPLUNK_HOME/etc/apps
B. $SPLUNK_HOME/etc/search
C. $SPLUNK_HOME/etc/master-apps
D. $SPLUNK_HOME/etc/deployment-apps
A. $SPLUNK_HOME/etc/apps
This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
    [monitor:///var/log/messages]
    sourcetype=syslog
    index=syslog
A new Splunk admin comes in, connects the universal forwarders to a deployment server, and deploys the same app with a new inputs.conf file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
    [monitor:///var/log/maillog]
    sourcetype=maillog
    index=syslog
Which file is now monitored?
A. /var/log/messages
B. /var/log/maillog
C. /var/log/maillog and /var/log/messages
D. None of the above
C. /var/log/maillog and /var/log/messages
When configuring monitor inputs with whitelists or blacklists, what is the supported method of filtering the lists?
A. Slash notation
B. Regular expression
C. Irregular expression
D. Wildcard-only expression
B. Regular expression
What is required when adding a native user to Splunk? (Select all that apply.)
A. Password
B. Username
C. Full Name
D. Default app
C. Full Name
D. Default app
What are the minimum required settings when creating a network input in Splunk?
A. Protocol, port number
B. Protocol, port, location
C. Protocol, username, port
D. Protocol, IP, port number
A. Protocol, port number
Which Splunk component requires a Forwarder license?
A. Search head
B. Heavy forwarder
C. Heaviest forwarder
D. Universal forwarder
B. Heavy forwarder
Which optional configuration setting in inputs.conf allows you to selectively forward the data to specific indexer(s)?
A. _TCP_ROUTING
B. _INDEXER_LIST
C. _INDEXER_GROUP
D. _INDEXER_ROUTING
A. _TCP_ROUTING
To set up a network input in Splunk, what needs to be specified?
A. File path.
B. Username and password.
C. Network protocol and port number.
D. Network protocol and MAC address.
A. File path
During search time, which directory of configuration files has the highest precedence?
A. $SPLUNK_HOME/etc/system/local
B. $SPLUNK_HOME/etc/system/default
C. $SPLUNK_HOME/etc/apps/app1/local
D. $SPLUNK_HOME/etc/users/admin/local
C. $SPLUNK_HOME/etc/apps/app1/local
Within props.conf, which stanzas are valid for data modification? (Select all that apply.)
A. Host
B. Server
C. Source
D. Sourcetype
C. Source
D. Sourcetype
What is the correct order of steps in Duo Multifactor Authentication?
A. 1. Request Login, 2. Connect to SAML server, 3. Duo MFA, 4. Create User session, 5. Authentication Granted, 6. Log into Splunk
B. 1. Request Login, 2. Duo MFA, 3. Authentication Granted, 4. Connect to SAML server, 5. Log into Splunk, 6. Create User session
C. 1. Request Login, 2. Check authentication / group mapping, 3. Authentication Granted, 4. Duo MFA, 5. Create User session, 6. Log into Splunk
D. 1. Request Login, 2. Duo MFA, 3. Check authentication / group mapping, 4. Create User session, 5. Authentication Granted, 6. Log into Splunk
C. 1. Request Login, 2. Check authentication / group mapping, 3. Authentication Granted, 4. Duo MFA, 5. Create User session, 6. Log into Splunk
Which of the following enables compression for universal forwarders in outputs.conf?
A.
    [udpout:mysplunk_indexer11]
    compression=true
B.
    [tcpout]
    defaultGroup=my_indexers
    compressed=true
C. /opt/splunkforwarder/bin/splunk enable compression
D.
    [tcpout:my_indexers]
    server=mysplunk_indexer1:9997, mysplunk_indexer2:9997
    decompression=false
B.
    [tcpout]
    defaultGroup=my_indexers
    compressed=true