リアルSPLK-1003試験PDFテストエンジン 練習テスト問題
Splunk SPLK-1003リアル2023年最新のブレーン問題集で模擬試験問題集
質問 # 13
Which feature in Splunk allows Event Breaking, Timestamp extractions, and any advanced configurations found in props.conf to be validated all through the UI?
- A. Data preview
- B. Apps
- C. Search
- D. Forwarder inputs
正解:A
解説:
http://www.splunk.com/view/SP-CAAAGPR
質問 # 14
Which of the following describes a Splunk deployment server?
- A. A Splunk app installed on a Splunk Enterprise server.
- B. A server that automates the deployment of Splunk Enterprise to remote servers.
- C. A Splunk Enterprise server that distributes apps.
- D. A Splunk Forwarder that deploys data to multiple indexers.
正解:C
解説:
A Splunk deployment server is a system that distributes apps, configurations, and other assets to groups of Splunk Enterprise instances. You can use it to distribute updates to most types of Splunk Enterprise components: forwarders, non-clustered indexers, and search heads2.
A Splunk deployment server is available on every full Splunk Enterprise instance. To use it, you must activate it by placing at least one app into %SPLUNK_HOME%\etc\deployment-apps on the host you want to act as deployment server3.
A Splunk deployment server maintains the list of server classes and uses those server classes to determine what content to distribute to each client. A server class is a group of deployment clients that share one or more defined characteristics1.
A Splunk deployment client is a Splunk instance remotely configured by a deployment server. Deployment clients can be universal forwarders, heavy forwarders, indexers, or search heads. Each deployment client belongs to one or more server classes1.
A Splunk deployment app is a set of content (including configuration files) maintained on the deployment server and deployed as a unit to clients of a server class. A deployment app can be an existing Splunk Enterprise app or one developed solely to group some content for deployment purposes1.
Therefore, option C is correct, and the other options are incorrect.
質問 # 15
A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data
45 days old and newer from that log file?
- A. includeNewerThan = -35d
- B. ignoreOlderThan = 45d
- C. followTail = -45d
- D. ignore = 45d
正解:B
質問 # 16
Local user accounts created in Splunk store passwords in which file?
- A. $ SPLUNK HCME/etc/users/authentication.conf
- B. $ SFLUNK_KCME/etc/authentication
- C. $ SFLUNK_KOME/etc/passwd
- D. $ S?LUNK_HCME/etc/users/passwd.conf
正解:C
質問 # 17
After an Enterprise Trial license expires, it will automatically convert to a Free license. How many days is an Enterprise Trial license valid before this conversion occurs?
- A. 60 days
- B. 7 days
- C. 14 days
- D. 90 days
正解:A
質問 # 18
Which forwarder is recommended by Splunk to use in a production environment?
- A. Heavy forwarder
- B. SSL forwarder
- C. Universal forwarder
- D. Lightweight forwarder
正解:C
質問 # 19
When running the command shown below, what is the default path in which deployment server. conf is created?
splunk set deploy-poll deployServer:port
- A. SPLUNK_HOME/etc/system/default
- B. SFLUNK_HOME/etc/deployment
- C. SPLUNK_HOME/etc/system/local
- D. SPLUNK_KOME/etc/apps/deployment
正解:C
質問 # 20
Given a forwarder with the following outputs.conf configuration:
[tcpout : mypartner]
Server = 145.188.183.184:9097
[tcpout : hfbank]
server = inputsl . mysplunkhfs . corp : 9997 , inputs2 . mysplunkhfs . corp : 9997 Which of the following is a true statement?
- A. Data is encrypted to mypartner because 145.183.184 : 9097 is specified by IP.
- B. Data will eventually stop flowing everywhere if 145.188.183.184 : 9097 is unreachable.
- C. Data will continue to flow to hfbank if 145.1 g a) 183.184 : 9097 is unreachable.
- D. Data is not encrypted to mypartner because 145.188 .183.184 : 9097 is specified by IP.
正解:C
解説:
The outputs.conf file defines how forwarders send data to receivers1. You can specify some output configurations at installation time (Windows universal forwarders only) or the CLI, but most advanced configuration settings require that you edit outputs.conf1.
The [tcpout:...] stanza specifies a group of forwarding targets that receive data over TCP2. You can define multiple groups with different names and settings2.
The server setting lists one or more receiving hosts for the group, separated by commas2. If you specify multiple hosts, the forwarder load balances the data across them2.
Therefore, option A is correct, because the forwarder will send data to both inputsl.mysplunkhfs.corp:9997 and inputs2.mysplunkhfs.corp:9997, even if 145.188.183.184:9097 is unreachable.
質問 # 21
An organization wants to collect Windows performance data from a set of clients, however, installing Splunk software on these clients is not allowed. What option is available to collect this data in Splunk Enterprise?
- A. Use Local Windows host monitoring.
- B. Use Windows Remote Inputs with WMI.
- C. Use Local Windows network monitoring.
- D. Use an index with an Index Data Type of Metrics.
正解:B
解説:
https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/ConsiderationsfordecidinghowtomonitorWindowsdata
"The Splunk platform collects remote Windows data for indexing in one of two ways: From Splunk forwarders, Using Windows Management Instrumentation (WMI). For Splunk Cloud deployments, you must use the Splunk Universal Forwarder on a Windows machines to montior remote Windows data."
質問 # 22
Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)
- A. transforms.conf
- B. rawdata.conf
- C. props.conf
- D. inputs.conf
正解:C
解説:
Explanation
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/8.0.5/Data/Configuretimestamprecognition
質問 # 23
Where should apps be located on the deployment server that the clients pull from?
- A. $SPLUNK_HOME/etc/search
- B. $SPLUNK_HOME/etc/master-apps
- C. $SPLUNK_HOME/etc/deployment-apps
- D. $SPLUNK_HOME/etc/apps
正解:D
解説:
Explanation/Reference: https://answers.splunk.com/answers/371099/how-to-configure-deployment-apps-to-push-to- client.html
質問 # 24
When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?
- A. Server Class
- B. Forwarder Class
- C. Client Class
- D. App Class
正解:A
質問 # 25
How would you configure your distsearch.conf to allow you to run the search below?
sourcetype=access_combined status=200 action=purchase splunk_server_group=HOUSTON
- A. [distributedSearch]
servers =nyc1:8089; nyc2:8089; houston1:8089; houston2:8089
[distributedSearch:NYC]
default = false
servers = nyc1:8089; nyc2:8089
[distributedSearch:HOUSTON]
default = false
servers = houston1:8089; houston2:8089 - B. [distributedSearch]
servers =nyc1:8089, nyc2:8089, houston1:8089, houston2:8089
[distributedSearch:NYC]
default = false
servers = nyc1:8089, nyc2:8089
[distributedSearch:HOUSTON]
default = false
servers = houston1:8089, houston2:8089 - C. [distributedSearch:NYC]
default = false
servers = nyc1:8089, nyc2:8089
[distributedSearch:HOUSTON]
default = false
servers = houston1:8089, houston2:8089 - D. [distributedSearch]
servers =nyc1, nyc2, houston1, houston2
[distributedSearch:NYC]
default = false
servers = nyc1, nyc2
[distributedSearch:HOUSTON]
default = false
servers = houston1, houston2
正解:A
質問 # 26
Which of the following are reasons to create separate indexes? (Choose all that apply.)
- A. File organization.
- B. Restrict user permissions.
- C. Increase number of users.
- D. Different retention times.
正解:B、D
質問 # 27
Which of the following must be done to define user permissions when integrating Splunk with LDAP?
- A. Map Groups
- B. Map LDAP to Active Directory
- C. Map Users
- D. Map LDAP Inheritance
正解:A
解説:
Explanation
https://docs.splunk.com/Documentation/Splunk/8.1.3/Security/ConfigureLDAPwithSplunkWeb
"You can map either users or groups, but not both. If you are using groups, all users must be members of an appropriate group. Groups inherit capabilities form the highest level role they're a member of." "If your LDAP environment does not have group entries, you can treat each user as its own group."
質問 # 28
......
最速準備で試験合格!SPLK-1003問題の事前予備:https://www.jpntest.com/shiken/SPLK-1003-mondaishu