SPLUNK ADMINISTRATOR EXAM QUESTIONS AND ANSWERS
Which installer would you use to install a search head?
A. Splunk Enterprise
B. Universal Forwarder
C. Splunk Light Forwarder - Answers-A
When you install Splunk on Windows, you're required to configure whether Splunk starts on
system boot.
True or False? - Answers-False, this is only required for Linux installations
The default Splunk Web port is set to 8000.
True or False? - Answers-True
Splunk provides separate licenses for metrics and events data.
True or False? - Answers-False, metrics data draws from the same license quota as
event data
Search Heads also need an Enterprise License (or set as a slave to a License Master
with an Enterprise License) even though you have not configured any inputs.
True or False? - Answers-True
If the indexing exceeds the daily license quota in a pool, your license will go into a
violation.
True or False? - Answers-False, if the indexing exceeds the allocated daily quota in a
pool, an alert is raised. If it is not fixed by midnight then the alert turns into a warning.
5 or more warnings on an enforced Enterprise license or 3 warnings on a Free license
(in a rolling 30-day period) result in a violation.
True or False? - Answers-True
Write permissions to an App means the user's role is able to modify the App.
True or False? - Answers-False, the user's role with write permissions can only
manipulate knowledge objects used in the App.
Universal forwarders don't have a web interface, but they can still benefit from an app.
True or False? - Answers-True
Which configuration file tells a Splunk instance to ingest data?
A. transforms.conf
B. props.conf
C. outputs.conf
D. inputs.conf - Answers-D
When Splunk starts, configuration files are merged together into a single run-time model
for each file type.
True or False? - Answers-True
btool shows on-disk configurations for a requested file.
True or False? - Answers-True
By default, Splunk automatically sets the frozen path when you create an index.
True or False? - Answers-False, frozen path is not set by default. Data is set to delete
by default.
When hot buckets roll to warm, they go to a different directory.
True or False? - Answers-False, hot and warm buckets stay in the same directory.
When hot buckets roll to warm, they are renamed.
_introspection index tracks system performance and Splunk resource usage data.
True or False? - Answers-True
Frozen buckets roll to Thawed automatically.
True or False? - Answers-False, to thaw a frozen bucket, you have to start by copying
the bucket directory from the frozen directory to the index's thaweddb directory.
When creating an index from the web, it creates a stanza in inputs.conf.
True or False? - Answers-False, it creates a stanza in indexes.conf
When running splunk clean, you can set a date range for the events you want to delete.
True or False? - Answers-False, there is no option to set a date range with the splunk
clean command
If you are installing a search head and an indexer, Splunk requires an admin account on
each instance.
True or False? - Answers-True
If you want a role that is "like" the user role, but with some capabilities turned off, you
can create a new role that inherits from the user role, then remove some capabilities.
True or False? - Answers-False, you have to create a new role, since you cannot turn
off capabilities inherited from another role.
You can unlock a user from the command line.
True or False? - Answers-True
You have to configure a separate receiving port on the indexer for each universal
forwarder.
True or False? - Answers-False, you're not required to create a separate port for each
universal forwarder. You can just use 9997 or whatever port you specify.
When a Universal Forwarder is installed on Windows, the instance provides a GUI.
True or False? - Answers-False, Universal Forwarders do not have a GUI on Windows
or any other OS.
This command will create stanza(s) in which file?
splunk add forward-server indexer:receiving-port
A. props.conf
B. outputs.conf
C. inputs.conf
D. indexes.conf - Answers-B
Knowledge bundles contain the knowledge objects required by the indexers for
searching.
True or False? - Answers-True
A quarantined search peer is prevented from performing new searches but continues to
attempt to service any currently running search.
True or False? - Answers-True
When adding a Search Peer (Search Head), you have to enter a username/password of
an account on the search peer, and the account must have the edit_roles capability.
True or False? - Answers-False, the account must have edit_user capability.
Search Head Clustering and Indexer clustering are the only two types of clustering
provided by Splunk.
True or False? - Answers-True
Which of the following are true about splunkd:
(Select all that apply)
A. Runs on port 8089 using SSL
B. Spawns and controls Splunk child processes
C. Accesses, processes, and indexes incoming data
D. Handles all search requests and returns results
E. All of the above - Answers-E
Monitoring Console (MC) can be used by the user and power user roles.
True or False? - Answers-False, only admin role can use MC
MC runs unconfigured in standalone mode by default.
True or False? - Answers-True
The Monitoring Console does not come with preconfigured health checks.
True or False? - Answers-False, MC does come with preconfigured health checks
Health checks can be disabled, modified, created and exported.
True or False? - Answers-True
Splunk Enterprise versions 6.5+ provide warnings, but do not disable searching
during the violation period.
True or False? - Answers-True
What counts against your daily license quota?
(Select all that apply)
A. All data from all sources that are indexed
B. Replicated data (Index Clusters)
C. Summary indexes