最新的Splunk SPLK-3003免費考試真題

問題1

A customer would like to remove the output_file capability from users with the default user role to stop them from filling up the disk on the search head with lookup files. What is the best way to remove this capability from users?

A. Edit the default user role and remove the output_file capability.

B. Clone the default user role, remove the output_file capability, and assign it to the users.

C. Create a new role with the output_file capability that inherits the default user role and assign it to the users.

D. Create a new role without the output_file capability that inherits the default user role and assign it to the users.

正確答案: B

說明：（僅 Fast2test 成員可見）

問題2

What is required to setup the HTTP Event Collector (HEC)?

A. Each HEC input entry must contain a valid token.

B. Each HEC input requires a Source name field.

C. Each HEC input requires an existing forwarder output group.

D. Each HEC input requires a unique name but token values can be shared.

正確答案: A

問題3

When a bucket rolls from cold to frozen on a clustered indexer, which of the following scenarios occurs?

A. Nothing. Replicated copies of the bucket will remain on all other indexers until a local retention rule causes it to roll.3

B. All replicated copies will be rolled to frozen; original copies will remain.

C. The bucket rolls to frozen on all clustered indexers simultaneously.

D. Replicated copies of the bucket will remain on all other indexers and the Cluster Master (CM) assigns a new primary bucket.

正確答案: D

說明：（僅 Fast2test 成員可見）

問題4

A site from a multi-site indexer cluster needs to be decommissioned. Which of the following actions must be taken?

A. Remove the site from the list of available sites and create an alias for where the new data should be sent.

B. Create an alias for where the new data should be sent.

C. Remove the site from the list of available sites.

D. Nothing. Decommissioning a site is not possible.

正確答案: A

說明：（僅 Fast2test 成員可見）

問題5

A customer wants to migrate from using Splunk local accounts to use Active Directory with LDAP for their Splunk user accounts instead. Which configuration files must be modified to connect to an Active Directory LDAP provider?

A. authentication.conf

B. authentication.conf, ldap.conf

C. authorize.conf, authentication.conf

D. authentication.conf, authorize.conf, ldap.conf

正確答案: A

說明：（僅 Fast2test 成員可見）

問題6

Which of the following server.conf stanzas indicates the Indexer Discovery feature has not been fully configured (restart pending) on the Master Node?

A.

B.

C.

D.

正確答案: B

說明：（僅 Fast2test 成員可見）

問題7

A customer is using regex to whitelist access logs and secure logs from a web server, but only the access logs are being ingested. Which troubleshooting resource would provide insight into why the secure logs are not being ingested?

A. btprobe

B. oneshot

C. list monitor

D. tailingprocessor

正確答案: D

說明：（僅 Fast2test 成員可見）

問題8

When adding a new search head to a search head cluster (SHC), which of the following scenarios occurs?

A. The new search head connects to the deployer and replays any recent configuration changes to bring it up to date.

B. The new search head connects to the captain and replays any recent configuration changes to bring it up to date.

C. The new search head connects to the deployer and pulls the most recently deployed bundle. It then connects to the captain and replays any recent configuration changes to bring it up to date.

D. The new search head connects to the captain and pulls the most recently deployed bundle. It then connects to the deployer and replays any recent configuration changes to bring it up to date.

正確答案: C

說明：（僅 Fast2test 成員可見）

問題9

When monitoring and forwarding events collected from a file containing unstructured textual events, what is the difference in the Splunk2Splunk payload traffic sent between a universal forwarder (UF) and indexer compared to the Splunk2Splunk payload sent between a heavy forwarder (HF) and the indexer layer?
(Assume that the file is being monitored locally on the forwarder.)

A. The UF will generally send the payload in the same format, but only when the sourcetype is specified in the inputs.conf and EVENT_BREAKER_ENABLE is set to true.

B. The UF sends a stream of data containing one set of medata fields to represent the entire stream, whereas the HF sends individual events, each with their own metadata fields attached, resulting in a lager payload.

C. The payload format sent from the UF versus the HF is exactly the same. The payload size is identical because they're both sending 64K chunks.

D. The HF sends a stream of 64K TCP chunks with one set of metadata fields attached to represent the entire stream, whereas the UF sends individual events, each with their own metadata fields attached.

正確答案: B

最新的Splunk Core Certified Consultant - SPLK-3003免費考試真題

聯系我們

站內鏈接

最新更新