Question 1

If events are not forwarded from the Forwarder to the Splunk cloud, which option is appropriate for troubleshooting?

Options :

A : Execute a ping from the Forwarder and check that the splunk cloud URL can be reached.

B : Check the Fowarder output.log to ensure that forwarding is being carried out properly.

C : Run the oneshot command and check if the event is reachable.

D : Check the _audit index and see if there are any events where the Forwarder is host.

Answer: C

Question 2

Which of the following is a correct statement about Universal Forwarders?

Options :

A : The Universal Forwarder must be able to contact the license master.

B : A Universal Forwarder must connect to Splunk Cloud via a Heavy Forwarder.

C : A Universal Forwarder can be an Intermediate Forwarder.

D : The default output bandwidth is 500KBps.

Answer: C

Question 3

Which bandwidth limit is specified by default in the limits.conf of universal forwarder?

Options :

A : 256KB

B : 128KB

C : 512KB

D : Infinity

Answer: A

Question 4

What can be used in a Splunk Cloud environment to create new sourcetypes?

Options :

A : Data Preview

B : props. conf can be edited directly from the GUI

C : Splunk-s CLI

D : Deployment Server

Answer: A

Question 5

Which statement is true about monitor inputs?

Options :

A : Monitor inputs are configured in the monitor, conf file.

B : The ignoreOlderThan option allows files to be ignored based on the file modification time.

C : ThecrSaltsetting is required.

D :

Monitor inputs can ignore a file-s existing content, indexing new data as it arrives, by configuring the tailProcessor option.

Answer: B

Free SPLK-1005 Mock Exam – Practice Online Confidently