Free Access to Splunk.SPLK-1003.v2022-02-28.q127 with Valid Practice Test (Page 21)

Question 96

The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require multiple indexers. Following best practices, which types of Splunk component instances are needed?

A.Indexers, search head, deployment server, license master, universal forwarder, heavy forwarder
B.Indexers, search head, universal forwarders, license master
C.Indexers, search head, deployment server, universal forwarders
D.Indexers, search head, deployment server, license master, universal forwarder

Question 97

Which setting in indexes. conf allows data retention to be controlled by time?

A.maxDataRetentionTime
B.maxDaysToKeep
C.frozenTimePeriodlnSecs
D.moveToFrozenAfter

Question 98

Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as follows: 123-44-5678.
Which configuration file and stanza pair will mask possible SSNs in the log events?

A.props.conf
[mask-SSN]
REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
FORMAT = $1<SSN>###-##-$2
KEY = _raw
B.props.conf
[mask-SSN]
REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
FORMAT = $1<SSN>###-##-$2
DEST_KEY = _raw
C.transforms.conf
[mask-SSN]
REX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
FORMAT = $1<SSN>###-##-$2
DEST_KEY = _raw
D.transforms.conf
[mask-SSN]
REGEX = (?ms)^(.)\<[SSN>\d{3}-?\d{2}-?(\d{4}.*)$"
FORMAT = $1<SSN>###-##-$2
DEST_KEY = _raw

Question 99

An admin is running the latest version of Splunk with a 500 GB license. The current daily volume of new data is 300 GB per day. To minimize license issues, what is the best way to add 10 TB of historical data to the index?

A.Buy a bigger Splunk license.
B.Add 2.5 TB each day for the next 5 days.
C.Add 200 GB of historical data each day for 50 days.
D.Add all 10 TB in a single 24 hour period.

Question 100

Which is a valid stanza for a network input?

A.[udp://172.16.10.1:9997]
connection = dns
sourcetype = dns
B.[any://172.16.10.1:10001]
connection_host = ip
sourcetype = web
C.[tcp://172.16.10.1:9997]
connection_host = web
sourcetype = web
D.[tcp://172.16.10.1:10001]
connection_host = dns
sourcetype = dns

Question 96

Question 97

Question 98

Question 99

Question 100

Download PDF File