Splunk SPLK-3003 Splunk Core Certified Consultant Exam Practice Test

Page: 1 / 9
Total 85 questions

Splunk Core Certified Consultant Questions and Answers

Question 1

A customer has been using Splunk for one year, utilizing a single/all-in-one instance. This single Splunk server is now struggling to cope with the daily ingest rate. Also, Splunk has become a vital system in day-to-day operations making high availability a consideration for the Splunk service. The customer is unsure how to design the new environment topology in order to provide this.

Which resource would help the customer gather the requirements for their new architecture?

Options:

A. Direct the customer to docs.splunk.com and tell them that all the information to help them select the right design is documented there.

B. Ask the customer to engage with the sales team immediately as they probably need a larger license.

C. Refer the customer to answers.splunk.com as someone else has probably already designed a system that meets their requirements.

D. Refer the customer to the Splunk Validated Architectures document in order to guide them through which approved architectures could meet their requirements.

Question 2

What is the default push mode for a search head cluster deployer app configuration bundle?

Options:

A. full

B. merge_to_default

C. default_only

D. local_only

Question 3

The universal forwarder (UF) should be used whenever possible, as it is smaller and more efficient. In which of the following scenarios would a heavy forwarder (HF) be a more appropriate choice?

Options:

A. When a predictable version of Python is required.

B. When filtering 10%–15% of incoming events.

C. When monitoring a log file.

D. When running a script.

Question 4

Which event processing pipeline contains the regex replacement processor that would be called upon to run event masking routines on events as they are ingested?

Options:

A. Merging pipeline

B. Indexing pipeline

C. Typing pipeline

D. Parsing pipeline

Question 5

What does Splunk do when it indexes events?

Options:

A. Extracts the top 10 fields.

B. Extracts metadata fields such as host, source, sourcetype.

C. Performs parsing, merging, and typing processes on universal forwarders.

D. Creates report acceleration summaries.

Question 6

A [script://] input sends data to a Splunk forwarder using which method?

Options:

A. UDP stream

B. TCP stream

C. Temporary file

D. STDOUT/STDERR

Question 7

How could a role be configured so that all users must specify an index= clause in all searches?

Options:

A. Set the authorize.conf setting: srchIndexesDefault to no value.

B. Set the authorize.conf setting: srchFilter to no value.

C. Set the authorize.conf setting: srchIndexesAllowed to no value.

D. Set the authorize.conf setting: srchJobsQuota to no value.

Question 8

A customer has downloaded the Splunk App for AWS from Splunkbase and installed it in a search head cluster following the instructions using the deployer. A power user modifies a dashboard in the app on one of the search head cluster members. The app containing an updated dashboard is upgraded to the latest version by following the instructions via the deployer.

What happens?

Options:

A. The updated dashboard will not be deployed globally to all users, due to the conflict with the power user’s modified version of the dashboard.

B. Applying the search head cluster bundle will fail due to the conflict.

C. The updated dashboard will be available to the power user.

D. The updated dashboard will not be available to the power user; they will see their modified version.

Question 9

When adding a new search head to a search head cluster (SHC), which of the following scenarios occurs?

Options:

A. The new search head connects to the captain and replays any recent configuration changes to bring it up to date.

B. The new search head connects to the deployer and replays any recent configuration changes to bring it up to date.

C. The new search head connects to the captain and pulls the most recently deployed bundle. It then connects to the deployer and replays any recent configuration changes to bring it up to date.

D. The new search head connects to the deployer and pulls the most recently deployed bundle. It then connects to the captain and replays any recent configuration changes to bring it up to date.

Question 10

A customer is using regex to whitelist access logs and secure logs from a web server, but only the access logs are being ingested. Which troubleshooting resource would provide insight into why the secure logs are not being ingested?

Options:

A. list monitor

B. oneshot

C. btprobe

D. tailingprocessor

Question 11

When can the Search Job Inspector be used to debug searches?

Options:

A. If the search has not expired.

B. If the search is currently running.

C. If the search has been queued.

D. If the search has expired.

Question 12

A customer wants to migrate from using Splunk local accounts to use Active Directory with LDAP for their Splunk user accounts instead. Which configuration files must be modified to connect to an Active Directory LDAP provider?

Options:

A. authentication.conf, authorize.conf, ldap.conf

B. authentication.conf, ldap.conf

C. authentication.conf

D. authorize.conf, authentication.conf
