Splunk Admin Questions & Answers Already Graded A+
Which installer will you use to install the Search Head? a) Splunk Enterprise b) Splunk Universal Forwarder
Answer: a) Splunk Enterprise

When you install Splunk on a Windows OS, you also have to configure the boot-start. True or False
Answer: False. You only need to do that on a Linux installation. Splunk must be manually started on *NIX until boot-start is enabled.

The default Splunk Web port is: a) 8191 b) 8089 c) 8000 d) 8065
Answer: c) 8000

The default splunkd port is: a) 8191 b) 8089 c) 8000 d) 8065
Answer: b) 8089

The default Web app-server proxy port is: a) 8191 b) 8089 c) 8000 d) 8065
Answer: d) 8065 is used by the Python-based application server.

The default KV store port is: a) 8191 b) 8089 c) 8000 d) 8065
Answer: 8191

What type of architecture is best for testing, POCs, personal use or learning? a) Single-server, standalone b) Basic c) Distributed
Answer: a) Single-server, standalone

What type of architecture provides the best options for scaling in a variety of ways? a) Single-server, standalone b) Basic c) Distributed
Answer: c) Distributed

What type of architecture includes all features on the main Splunk server, except for forwarders which are installed at the data source? a) Single-server, standalone b) Basic c) Distributed
Answer: b) Basic

Which layer receives and stores data from forwarders, and searches data in response to user requests? a) Searching b) Indexing/Parsing c) Inputs
Answer: b) Indexing/Parsing

Which layer monitors data sources and forwards data, and is the best practice method for data collection? a) Searching b) Indexing/Parsing c) Inputs
Answer: c) Inputs

The universal forwarder requires significant resources on host systems in order to ensure that no data is lost in transmission to the indexer. True or False
Answer: False. The UF requires minimal resources and is typically installed on the machines that produce the data.

Which layer allows users to submit queries using SPL, and consolidates and renders visualizations of the data for users? a) Searching b) Indexing/Parsing c) Inputs
Answer: a) Searching

Which of the following statements is false? a) For input, Splunk must be able to access data sources. b) It is best to run Splunk as a super-user, such as root on *NIX or administrator on Windows. c) The Splunk account needs to access scripts used for inputs and alerts. d) On Windows, you should use a domain account if Splunk has to connect to other servers, otherwise use a local account that can run services. True or False.
Answer: b) It is best to run Splunk as a super-user, such as root on *NIX or administrator on Windows.

Which of the following statements is true? a) It is not best-practice to use a time synchronization service such as NTP b) Splunk services do not depend on accurate time c) Clock skew between hosts can affect search results d) Indexers and production servers do not need standardized time config
Answer: c) Clock skew between hosts can affect search results
Written for
- Institution: Splunk Admin
- Course: Splunk Admin
Document information
- Uploaded on: May 17, 2024
- Number of pages: 31
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers