Exam SPLK-1005: Splunk Cloud Certified Admin
Exam Number: SPLK-1005 | Length of test: 60 mins
Exam Name: Splunk Cloud Certified Admin | Number of questions in the actual exam: 60
Format: PDF, VPLUS | Passing Score: +75%
Total Questions: 80
Some new questions:
Q
A log file is being ingested into Splunk, and a few events have no date stamp. How would Splunk first try to determine the missing date of the events?
A. Splunk will take the date of a previous event within the log file.
B. Splunk will use the current system time of the Indexer for the date.
C. Splunk will use the date of when the file monitor was created.
D. Splunk will take the date from the file modification time.
Q
A customer has worked with their LDAP administrator to configure an LDAP strategy in Splunk. The configuration works, and user Mia can log into Splunk using her LDAP account. After some time, the Splunk Cloud administrator needs to move Mia from the user role to the power role. How should they accomplish this?
A. Ask the LDAP administrator to move Mia’s account to an appropriately mapped LDAP group.
B. Have Mia log into Splunk, then update her own role in user settings.
C. Create a role named Power in Splunk, then map Mia’s account to that role.
D. Use the Cloud Monitoring Console app as an administrator to map Mia’s account to the power role.
Q
Which configuration shown is used to enable a forwarder as a deployment client of the server 10.1.2.3?
A. [target-broker:deploymentServer] targetUri = 10.1.2.3:9997
B. [target-broker:deploymentserver] targetUri = 10.1.2.3:8089
C. [target-broker:deploymentserver] deploymentserver = 10.1.2.3:9997
D. [target-broker:deploymentserver] deploymentserver = 10.1.2.3:8089
Q
What information is identified during the input phase of the ingestion process?
A. Line breaking and timestamp.
B. A hash of the message payload.
C. Metadata fields like sourcetype and host.
D. SRC and DST IP addresses and ports.
Q
Which of the following statements is true regarding SEDCMD?
A. SEDCMD can be defined in either props.conf or transforms.conf.
B. SEDCMD does not work on Windows-based installations of Splunk.
C. SEDCMD uses the same syntax as Splunk’s replace command.
D. SEDCMD provides search and replace functionality using regular expressions and substitutions.
………..