FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 3: Splunk Certified Developer

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 21

Multiple Choice

Review LaterAdd Note

Review Later

How do you remove missing forwarders from the Monitoring Console?

A) By restarting Splunk.
B) By rescanning active forwarders.
C) By reloading the deployment server.
D) By rebuilding the forwarder asset table.

E) B) and D)
F) A) and D)

Correct Answer

verified

Show Answer

Question 22

Multiple Choice

Review LaterAdd Note

Review Later

Which of the following are supported options when configuring optional network inputs?

A) Metadata override, sender filtering options, network input queues (quantum queues)
B) Metadata override, sender filtering options, network input queues (memory/persistent queues)
C) Filename override, sender filtering options, network output queues (memory/persistent queues)
D) Metadata override, receiver filtering options, network input queues (memory/persistent queues)

E) C) and D)
F) A) and B)

Correct Answer

verified

Show Answer

Question 23

Multiple Choice

Review LaterAdd Note

Which of the following must be done to define user permissions when integrating Splunk with LDAP?

When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?

Which of the following are methods for adding inputs in Splunk? (Choose all that apply.)

Which layers are involved in Splunk configuration file layering? (Choose all that apply.)

In which Splunk configuration is the SEDCMD used?

With authentication methods are natively supported within Splunk Enterprise? (Select all that apply.)

What is the valid option for a [monitor] stanza in inputs.conf ?

Which Splunk component consolidates the individual results and prepares reports in a distributed environment?

How is data handled by Splunk during the input phase of the data ingestion process?

If an update is made to an attribute in inputs.conf on a universal forwarder, on which Splunk component would the fishbucket need to be reset in order to reindex the data?

An organization wants to collect Windows performance data from a set of clients, however, installing Splunk software on these clients is not allowed. What option is available to collect this data in Splunk Enterprise?

In a distributed environment, which Splunk component is used to distribute apps and configurations to the other Splunk instances?

Which of the following are supported configuration methods to add inputs on a forwarder? (Select all that apply.)

In case of a conflict between a whitelist and a blacklist input setting, which one is used?

Which Splunk component requires a Forwarder license?

How does the Monitoring Console monitor forwarders?

Which Splunk component performs indexing and responds to search requests from the search head?

An admin is running the latest version of Splunk with a 500 GB license. The current daily volume of new data is 300 GB per day. To minimize license issues, what is the best way to add 10 TB of historical data to the index?