SPLK-1005 Exam Dumps - Splunk Certification Questions and Answers

Question # 14

Which of the following is correct in regard to configuring a Universal Forwarder as an Intermediate Forwarder?

Options:

A.

This can only be turned on using the Settings > Forwarding and Receiving menu in Splunk Web/UI.

B.

The configuration changes can be made using Splunk Web, CLI, directly in configuration files, or via a deployment app.

C.

The configuration changes can be made using CLI, directly in configuration files, or via a deployment app.

D.

It is only possible to make this change directly in configuration files or via a deployment app.

Question # 15

By default, which of the following capabilities are granted to the sc_admin role?

Options:

A.

indexes_edit, edit___token, admin_all_objects, delete_by_keyword

B.

indexes_edit, fsh_manage, acs_conf, list_indexesdiscovery

C.

indexes_edit, fsh_manage, admin_all_objects, can_delete

D.

indexes_edit, edit_token_http, admin_all_objects, edit_limits_conf

Question # 16

How are HTTP Event Collector (HEC) tokens configured in a managed Splunk Cloud environment?

Options:

A.

Any token will be accepted by HEC, the data may just end up in the wrong index.

B.

A token is generated when configuring a HEC input, which should be provided to the application developers.

C.

Obtain a token from the organization's application developers and apply it in Settings > Data Inputs > HTTP Event Collector > New Token.

D.

Open a support case for each new data input and a token will be provided.

Question # 17

What can be used in a Splunk Cloud environment to create new sourcetypes?

Options:

A.

Data Preview

B.

props.conf can be edited directly from the GUI

C.

Splunk's CLI

D.

Deployment Server

Question # 18

Which of the following is true when integrating LDAP authentication?

Options:

A.

Splunk stores LDAP end user names and passwords on search heads.

B.

The mapping of LDAP groups to Splunk roles happens automatically.

C.

Splunk Cloud only supports Active Directory LDAP servers.

D.

New user data is cached the first time a user logs in.

Question # 19

Which of the following methods is valid for creating index-time field extractions?

Options:

A.

Use the UI to create a sourcetype, specify the field name and corresponding regular expression with capture statement.

B.

Create a configuration app with the index-time props.conf and/or transforms.conf, and upload the app via UI.

C.

Use the CLI app to define settings in fields.conf, and restart Splunk Cloud.

D.

Use the rex command to extract the desired field, and then save as a calculated field.

Question # 20

Which of the following is a correct statement about Universal Forwarders?

Options:

A.

The Universal Forwarder must be able to contact the license master.

B.

A Universal Forwarder must connect to Splunk Cloud via a Heavy Forwarder.

C.

A Universal Forwarder can be an Intermediate Forwarder.

D.

The default output bandwidth is 500KBps.

Question # 21

A Splunk Cloud administrator is looking to allow a new group of Splunk users in the marketing department to access the Splunk environment and view a dashboard with relevant data. These users need to access marketing data (stored in the marketing_data index), but shouldn't be able to access other data, such as events related to security or operations.

Which approach would be the best way to accomplish these requirements?

Options:

A.

Create a new user with access to the marketing_data index assigned.

B.

Create a new role that inherits the user role and remove the capability to search indexes other than marketing_data.

C.

Create a new role that inherits the admin role and assign access to the marketing_data index.

D.

Create a new role that does not inherit from any other role, turn on the same capabilities as the user role, and assign access to the marketing_data index.

Question # 22

Where is the recommended place to deploy input apps that are not permitted on Splunk Cloud?

Options:

A.

Universal Forwarder or Heavy Forwarder.

B.

Heavy Forwarder only.

C.

Universal Forwarder only.

D.

Apps cannot be installed on on-prem instances.

Question # 23

In Splunk terminology, what is an index?

Options:

A.

A data repository that contains raw, compressed data along with psidx files.

B.

A data repository that contains raw, compressed data along with tsidx files.

C.

A data repository that contains raw, uncompressed data along with psidx files.

D.

A data repository that contains raw, uncompressed data along with tsidx files.

Exam Code: SPLK-1005
Exam Name: Splunk Cloud Certified Admin
Last Update: Apr 3, 2025
Questions: 80