Which Splunk component distributes apps and certain other configuration updates to search head cluster members?
Correct Answer: C
The component that distributes apps and configuration updates to search head cluster members is the deployer (see https://docs.splunk.com/Documentation/Splunk/8.0.5/Updating/Updateconfigurations and the search head clustering chapters of the Distributed Search manual). The line often quoted from that page, "The deployment server distributes deployment apps to clients," describes a different component: the deployment server pushes apps to deployment clients such as forwarders and standalone instances, and it is not used to manage search head cluster members. Keep the two apart when reading the answer options.
Question 102
What will the following inputs.conf stanza do?
[script://myscript.sh]
interval = 0
Correct Answer: C
inputs.conf configures data inputs: file and directory monitors, network inputs, scripted inputs, and the input settings a forwarder uses to ship data. A [script://...] stanza defines a scripted input: Splunk runs the named script (for an app, the path is relative to the app's bin directory) and indexes whatever the script writes to stdout. The interval setting controls how often the script runs. Per inputs.conf.spec, interval = 0 runs the script continuously: the platform starts it at startup and restarts it each time it exits (continuous mode is not available on Windows). A positive number is the period in seconds between runs, a cron schedule runs the script on that schedule and skips the run at startup, and the default when interval is omitted is 60 seconds. Two caveats about the stanza as sometimes printed in dumps: .conf setting names are case-sensitive, so a setting spelled Interval would be ignored and the 60-second default would apply, and myscript.sh must resolve to a script under an app's bin directory or under $SPLUNK_HOME/bin/scripts. The correct option is therefore the one that describes this continuous-run behaviour; the other options are incorrect.
Question 103
What is the correct curl to send multiple events through HTTP Event Collector?
Correct Answer: B
The correct command is:

curl "https://mysplunkserver.example.com:8088/services/collector" \
  -H "Authorization: Splunk DF4S7ZE4-3GS1-8SFS-E777-0284GG91PF67" \
  -d '{"event": "Hello World"}, {"event": "Hola Mundo"}, {"event": "Hallo Welt"}'

HTTP Event Collector (HEC) is a token-authenticated HTTP API for sending data to Splunk Enterprise from any client that can make an HTTP request. The command has three parts. The URL names the HEC endpoint: the protocol (https), the Splunk host (mysplunkserver.example.com), the HEC port (8088 by default) and the endpoint path (services/collector). The Authorization header carries the HEC token, prefixed with the literal word Splunk and a space; the token shown is a placeholder and must be replaced with one generated on your own HEC input. The request body carries the events as JSON objects written one after another in the body; HEC reads concatenated objects and does not accept a top-level JSON array. Each object must have an event field containing the data to index, whose value may be a string, number, boolean, array or nested object, and optional metadata fields such as sourcetype, index, host and time may sit beside it. Here the three event values are greeting strings in different languages. Treat the token as a bearer credential: it grants write access to the index for whoever holds it, so send it only over HTTPS and keep it out of shell history and logs.
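The following is an added example, not code from the original page or from Splunk. It builds the same kind of multi-event HEC body as the curl command above (concatenated JSON objects under one Authorization: Splunk header), then parses such a body back into events the way a collector must, rejecting a top-level JSON array. The URL and token are the placeholders from the question; the helper names, the sourcetype value and the sample events are constructed for the example, and nothing is sent over the network.

```python
"""Build and validate a multi-event HTTP Event Collector (HEC) request body.

Added example, not Splunk's code. HEC_URL and HEC_TOKEN are the placeholders
from the exam question; the token is not a real credential.
"""
import json
import urllib.request

HEC_URL = "https://mysplunkserver.example.com:8088/services/collector"
HEC_TOKEN = "DF4S7ZE4-3GS1-8SFS-E777-0284GG91PF67"  # placeholder, replace with your own HEC token


def build_hec_batch(events, **metadata):
    """Serialize several events into one HEC request body.

    HEC takes concatenated JSON objects (not a JSON array); every object needs
    an "event" key. Optional metadata (sourcetype, index, host, ...) is copied
    into each object.
    """
    objs = []
    for ev in events:
        obj = dict(metadata)
        obj["event"] = ev
        objs.append(json.dumps(obj))
    # Newlines are ordinary whitespace between objects and keep the body readable.
    return "\n".join(objs)


def hec_headers(token):
    # The scheme name is the literal word "Splunk", a space, then the token.
    return {"Authorization": "Splunk " + token, "Content-Type": "application/json"}


def build_hec_request(url, token, events, **metadata):
    """Assemble the POST the curl command performs, without sending it."""
    body = build_hec_batch(events, **metadata).encode("utf-8")
    return urllib.request.Request(url, data=body, headers=hec_headers(token), method="POST")


def parse_hec_batch(body):
    """Split a HEC batch body back into its event objects.

    json.loads() rejects concatenated objects, so decode them one at a time
    with raw_decode. Whitespace and stray commas between objects (as in the
    curl body in the question) are skipped; anything that is not an object
    with an "event" field, including a top-level array, is rejected.
    """
    decoder = json.JSONDecoder()
    pos, objs = 0, []
    while pos < len(body):
        while pos < len(body) and body[pos] in " \t\r\n,":
            pos += 1
        if pos >= len(body):
            break
        obj, pos = decoder.raw_decode(body, pos)
        if not isinstance(obj, dict) or "event" not in obj:
            raise ValueError("HEC expects concatenated objects with an 'event' field, got: %r" % (obj,))
        objs.append(obj)
    return objs


if __name__ == "__main__":
    # Constructed sample: the three greetings from the question, tagged with a sourcetype.
    body = build_hec_batch(["Hello World", "Hola Mundo", "Hallo Welt"], sourcetype="greeting")
    print(body)
    print([o["event"] for o in parse_hec_batch(body)])
```

The parser deliberately accepts the comma-separated form from the curl command as well as whitespace-separated objects, but fails on an array such as [{"event": "a"}], which is the most common mistake when batching events to HEC.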
Question 104
When does a warm bucket roll over to a cold bucket?
Correct Answer: D
Per https://docs.splunk.com/Documentation/Splunk/8.1.1/Indexer/HowSplunkstoresindexes: once further conditions are met (for example, the index reaches its maximum number of warm buckets), the indexer begins to roll warm buckets to cold, based on their age. It always selects the oldest warm bucket to roll to cold, and buckets continue to roll to cold as they age. The conditions are set per index in indexes.conf: maxWarmDBCount caps the number of warm buckets, and homePath.maxDataSizeMB caps the size of the hot/warm path. Cold buckets reside in a different location (coldPath) from hot and warm buckets, and you can point that location at cheaper storage.
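The following is an added example, not Splunk code, that simulates the rule just quoted: when a trigger condition is met, the oldest warm bucket rolls to cold first, and rolling continues until the index is back within its limits. The two triggers modelled, a cap on the number of warm buckets and a cap on the size of the home path, correspond to maxWarmDBCount and homePath.maxDataSizeMB, but the class and method names, the bucket records and the limits used are constructed for the example, and hot-bucket space is ignored for simplicity.

```python
"""Simulate warm-to-cold bucket rolling: oldest warm bucket first.

Added example, not Splunk's implementation. Bucket age is judged by the
latest event time in the bucket (real bucket names encode this value).
"""
from dataclasses import dataclass, field


@dataclass(order=True)
class Bucket:
    latest_time: int                      # newest event timestamp; ordering key for "oldest"
    name: str = field(compare=False)
    size_mb: int = field(compare=False)


@dataclass
class IndexTiering:
    max_warm_db_count: int = 300          # mirrors maxWarmDBCount (default 300)
    home_max_data_size_mb: int = 0        # mirrors homePath.maxDataSizeMB; 0 = no size limit
    warm: list = field(default_factory=list)
    cold: list = field(default_factory=list)

    def _home_size_mb(self):
        # Simplification: only warm buckets are counted against the home path.
        return sum(b.size_mb for b in self.warm)

    def _needs_roll(self):
        too_many = len(self.warm) > self.max_warm_db_count
        too_big = bool(self.home_max_data_size_mb) and self._home_size_mb() > self.home_max_data_size_mb
        return too_many or too_big

    def roll_hot_to_warm(self, bucket):
        """A hot bucket has just become warm; roll warm->cold until within limits.

        Returns the names of the buckets rolled to cold, oldest first.
        """
        self.warm.append(bucket)
        rolled = []
        while self._needs_roll() and self.warm:
            oldest = min(self.warm)       # smallest latest_time, i.e. the oldest warm bucket
            self.warm.remove(oldest)
            self.cold.append(oldest)
            rolled.append(oldest.name)
        return rolled


if __name__ == "__main__":
    # Constructed scenario: a tiny warm cap so rolling is visible after three buckets.
    idx = IndexTiering(max_warm_db_count=2)
    for b in (Bucket(100, "db_100_50_0", 10), Bucket(200, "db_200_150_1", 10), Bucket(300, "db_300_250_2", 10)):
        print(b.name, "rolled to cold:", idx.roll_hot_to_warm(b))
```

Note that the roll is driven by the limits, not by time alone: with a size cap the newest bucket can trigger a roll that evicts a bucket whose events are older even if it was added later, which is why the simulation orders by latest event time rather than by insertion order.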
Question 105
User role inheritance allows what to be inherited from the parent role? (select all that apply)