SPLK-1003試験無料問題集（181題）「Splunk Enterprise Certified Admin 認定」

出題：1

Which Splunk component performs indexing and responds to search requests from the search head?

A. Search head cluster

B. License master

C. Search peer

D. Forwarder

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which parent directory contains the configuration files in Splunk?

A. SSPLUNK_HOME/var

B. SSPLUNK_HOME/conf

C. SSPLUNK_HOME/default

D. SSFLUNK_HOME/etc

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

The following stanza is active in indexes.conf:
[cat_facts]
maxHotSpanSecs = 3600
frozenTimePeriodInSecs = 2630000
maxTota1DataSizeMB = 650000
All other related indexes.conf settings are default values.
If the event timestamp was 3739283 seconds ago, will it be searchable?

A. Yes, only if the index size is also below 650000 MB.

B. No, because the event time is greater than the retention time.

C. No, because the index will have exceeded its maximum size.

D. Yes, only if the bucket is still hot.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

What is the correct example to redact a plain-text password from raw events?

A. in transforms.conf:
[identity]
SEDCMD-redact_pw = s/password=([^,|/s]+)/ ####REACTED####/g

B. in props.conf:
[identity]
SEDCMD-redact_pw = s/password=([^,|/s]+)/ ####REACTED####/g

C. in transforms.conf:
[identity]
REGEX-redact_pw = s/password=([^,|/s]+)/ ####REACTED####/g

D. in props.conf:
[identity]
REGEX-redact_pw = s/password=([^,|/s]+)/ ####REACTED####/g

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which additional component is required for a search head cluster?

A. Monitoring Console

B. Deployer

C. Management Console

D. Cluster Master

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

What is a role in Splunk? (select all that apply)

A. A classification that determines what indexes a user can search.

B. A classification that determines if a Splunk server can remotely control another Splunk server.

C. A classification that determines what functions a Splunk server controls.

D. A classification that determines what capabilities a user has.

正解：A,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What event-processing pipelines are used to process data for indexing? (select all that apply)

A. fifo pipeline

B. Typing pipeline

C. Indexing pipeline

D. Parsing pipeline

正解：C,D 解答を投票する

出題：8

A new forwarder has been installed with a manually created deploymentclient.conf.
What is the next step to enable the communication between the forwarder and the deployment server?

A. Wait for up to the time set in the phoneHomeIntervalInSecs setting.

B. Restart Splunk on the deployment server.

C. Restart Splunk on the deployment client.

D. Enable the deployment client in Splunk Web under Forwarder Management.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Event processing occurs at which phase of the data pipeline?

A. Indexing

B. Input

C. Parsing

D. Search