Exam (elaborations)
Splunk Admin Exam/172 Questions with Verified Answers
- Course
- Institution
Splunk Admin Exam/172 Questions with Verified Answers
[Show more]
Seller
Follow
Victorious23
Reviews received
Content preview
Splunk Admin Exam/172 Questionswith Verified Answers
Which installer will you use to install the Search Head?
a) Splunk Enterprise
b) Splunk Universal Forwarder - -a) Splunk Enterprise
- When you install Splunk on a Windows OS, you also have to configure the
boot-start.
True or False - -False. You only need to do that on a Linux installation.
Splunk must be manually started on *NIX until boot-start is enabled.
- The default Splunk Web port is:
a) 8191
b) 8089
c) 8000
d) 8065 - -c) 8000
- The default splunkd port is:
a) 8191
b) 8089
c) 8000
d) 8065 - -b) 8089
- The default Web app-server proxy port is:
a) 8191
b) 8089
c) 8000
d) 8065 - -d) 8065 is used by the python-based application server.
- The default KV store port is:
a) 8191
b) 8089
c) 8000
d) 8065 - -8191
- What type of architecture is best for testing, POCs, personal use or
learning?
,a) Single-server, standalone
b) Basic
c) Distributed - -a) Single-server, standalone
- What type of architecture provides the best options for scaling in a variety
of ways?
a) Single-server, standalone
b) Basic
c) Distributed - -c) Distributed
- What type of architecture includes all features on the main Splunk server,
except for forwarders which are installed at the data source?
a) Single-server, standalone
b) Basic
c) Distributed - -b) Basic
- Which layer receives and stores data from forwarders, and searches data
in response to user requests?
a) Searching
b) Indexing/Parsing
c) Inputs - -b) Indexing/Parsing
- Which layer monitors data sources and forwards data, and is the best
practice method for data collection?
a) Searching
b) Indexing/Parsing
c) Inputs - -c) Inputs
- The universal forwarder requires significant resources on hosts systems in
order to ensure that no data is lost in transmission to the indexer.
True or False - -False. The UF requires minimal resources and is typically
installed on the machines that produce the data.
- Which layer allows users to submit queries using SPL, and consolidates and
renders visualizations of the data for users?
a) Searching
b) Indexing/Parsing
c) Inputs - -a) Searching
, - Which of the following statements is false?
a) For input, Splunk must be able to access data sources.
b) It is best to run Splunk as a super-user, such as root on *NIX or
administrator on Windows.
c) The Splunk account needs to access scripts used for inputs and alerts.
d) On Windows, you should use a domain account if Splunk has to connect to
other servers, otherwise use a local account that can run services.
True or False. - -b) It is best to run Splunk as a super-user, such as root on
*NIX or administrator on Windows.
- Which of the following statements is true?
a) It is not best-practice to use a time synchronization service such as NTP
b) Splunk services do not depend on accurate time
c) Clock skew between hosts can affect search results
d) Indexers and production servers do not need standardized time config - -
c) Clock skew between hosts can affect search results
- Which of the following are true statements about splunkd?
a) It spawns and controls Splunk child processes
b) It runs on port 8089 by default
c) It handles all search requests and returns results
d) It accesses, processes and indexes incoming data - -All are true
- What provides a browser-based front end for search and Splunk
management?
a) Universal Forwarder
b) Heavy Forwarder
c) splunkd
d) Splunk Web - -d) Splunk Web
- Which splunk CLI command is used to display the details of a specific
object?
a) splunk status
b) splunk help <object>
c) splunk show web-port
d) splunk show servername - -b) splunk help <object>
- How long is the Splunk Enterprise trial license valid for before one of the
other 3 license types must be activated?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Victorious23. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $16.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
80461 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now