SPLK-1005試験無料問題集（102題）「Splunk Cloud Certified Admin 認定」

出題：1

When creating a new index, which of the following is true about archiving expired events?

A. Store expired events in private AWS-based storage.

B. Archive some expired events from an index and discard others.

C. Expired events cannot be archived.

D. Store expired events on-prem using your own storage systems.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which Splunk component primarily provides centralized operational visibility into distributed deployment health metrics continuously?

A. Universal Forwarders generate indexed reports and visual dashboards for enterprise compliance auditing automatically.

B. Search Heads enforce ingestion quotas and validate licensing compliance across clustered infrastructures continuously.

C. Monitoring Console displays infrastructure health dashboards and distributed performance statistics comprehensively.

D. Deployment Server permanently stores archived security events for long-term forensic investigations globally.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

At what point in the indexing pipeline set is SEDCMD applied to data?

A. In the typing pipeline

B. In the parsing queue

C. In the aggregator queue

D. In the exec pipeline

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which configuration file primarily defines forwarding destinations for transmitting events toward remote indexers?

A. props.conf controls field extractions and parsing behavior during indexing operations automatically.

B. transforms.conf applies event routing and masking transformations during search processing activities.

C. outputs.conf specifies destination servers and forwarding behavior for outbound event traffic streams.

D. inputs.conf configures monitored files and local ingestion settings for enterprise data sources.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

What is the recommended approach to collect data from network devices?

A. TCP/UDP Feed > Syslog Server with Universal Forwarder > Splunk Cloud

B. TCP/UDP Feed > Heavy Forwarder > Intermediate Forwarder > Splunk Cloud

C. TCP/UDP Feed > Intermediate Forwarder > Heavy Forwarder > Splunk Cloud

D. TCP/UDP Feed > Universal Forwarder > Intermediate Forwarder > Splunk Cloud

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which of the following is true when integrating LDAP authentication?

A. New user data is cached the first time a user logs in.

B. The mapping of LDAP groups to Splunk roles happens automatically.

C. Splunk Cloud only supports Active Directory LDAP servers.

D. Splunk stores LDAP end user names and passwords on search heads.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which of the following is a valid stanza in props. conf?

A. [host:nyc*]

B. [host::nyc*]

C. [sourcetype::linux_secure]

D. [host=nyc25]

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which of the following lists all parameters supported by the acceptFrom argument?

A. IPv4, IPv6, CIDRs, DNS names

B. CIDRs, DNS names, Wildcards

C. IPv4, IPv6, CIDRs, DNS names, Wildcards

D. IPv4. CIDRs, DNS names. Wildcards

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Given the following set of files, which of the monitor stanzas below will result in Splunk monitoring all of the files ending with .log?
Files:
/var/log/www1/secure.log
/var/log/www1/access.log
/var/log/www2/logs/secure.log
/var/log/www2/access.log
/var/log/www2/access.log.1

A. [monitor:///var/log/.../*.log]

B. [monitor:///var/log/*/*.log]

C. [monitor:///var/log/*/*]

D. [monitor:///var/log/.../*]

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-1005試験無料問題集「Splunk Cloud Certified Admin 認定」