Page: 1
/
16
Total 80 questions
Curious about Actual Splunk Cloud Certified Admin (SPLK-1005) Exam Questions?
Here are sample Splunk Cloud Certified Admin (SPLK-1005) Exam questions from real exam. You can get more Splunk Cloud Certified Admin (SPLK-1005) Exam premium practice questions at TestInsights.
Question 1
Which of the following tasks is the responsibility of a Splunk Cloud administrator?
Correct : D
In Splunk Cloud, configuring indexes is one of the primary responsibilities of a Splunk Cloud administrator. This task includes setting up new indexes, managing retention policies, and configuring index settings as required by the organization's data retention and compliance policies. Other tasks like configuring deployer, cluster master, or indexers are typically handled by Splunk Enterprise administrators, not Splunk Cloud administrators.
Splunk Documentation Reference: Splunk Cloud Administrator Guide
Start a Discussions
Submit Your Answer:
Question 2
Which statement is true about monitor inputs?
Correct : B
The statement about monitor inputs that is true is that the ignoreOlderThan option allows files to be ignored based on their file modification time. This setting helps prevent Splunk from indexing older data that is not relevant or needed.
Splunk Documentation Reference: Monitor files and directories
Start a Discussions
Submit Your Answer:
Question 3
Where is the recommended place to deploy input apps that are not permitted on Splunk Cloud?
Correct : A
For input apps that are not permitted on Splunk Cloud, the recommended place to deploy them is on a Universal Forwarder or Heavy Forwarder. These forwarders handle data collection and preprocessing before sending the data to Splunk Cloud. This setup allows organizations to leverage apps and configurations that are not supported directly in the cloud environment.
Splunk Documentation Reference: Forwarding Data to Splunk Cloud
Start a Discussions
Submit Your Answer:
Question 4
The following sample log event shows evidence of credit card numbers being present in the transactions. loc file.
Which of these SEDCM3 settings will mask this and other suspected credit card numbers with an Y character for each character being masked? The indexed event should be formatted as follows:
A)
B)
C)
D)
Correct : A
The correct SEDCMD setting to mask the credit card numbers, ensuring that the masked version replaces each digit with an 'x' character, is Option A.
The SEDCMD syntax works as follows:
s/ starts the substitute command.
(?cc_num=\d{7})\d{9}/ matches the specific pattern of the credit card number in the logs.
\1xxxxxxxxx replaces the matched portion with the first captured group (the first 7 digits of the cc_num), followed by 9 'x' characters to mask the remaining digits.
/g ensures that the substitution is applied globally, throughout the string.
Thus, Option A correctly implements this requirement.
Splunk Documentation Reference: SEDCMD for Masking Data
Start a Discussions
Submit Your Answer:
Question 5
Which of the following is a correct statement about Universal Forwarders?
Correct : C
A Universal Forwarder (UF) can indeed be configured as an Intermediate Forwarder. This means that the UF can receive data from other forwarders and then forward that data on to indexers or Splunk Cloud, effectively acting as a relay point in the data forwarding chain.
Option A is incorrect because a Universal Forwarder does not need to contact the license master; only indexers and search heads require this.
Option B is incorrect as Universal Forwarders can connect directly to Splunk Cloud or via other forwarders.
Option D is also incorrect because the default output bandwidth limit for a UF is typically much higher than 500KBps (default is 256KBps per pipeline, but can be configured).
Splunk Documentation Reference: Universal Forwarder
Start a Discussions
Submit Your Answer:
All Official Question Types