Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Splunk SPLK-1003 Practice Exam with Questions & Answers

Questions 1

When deploying apps, which attribute in the forwarder management interface determines the apps that clients install?

Options:
A.

App Class

B.

Client Class

C.

Server Class

D.

Forwarder Class

Splunk SPLK-1003 Premium Access
Questions 2

On the deployment server, administrators can map clients to server classes using client filters. Which of the

following statements is accurate?

Options:
A.

The blacklist takes precedence over the whitelist.

B.

The whitelist takes precedence over the blacklist.

C.

Wildcards are not supported in any client filters.

D.

Machine type filters are applied before the whitelist and blacklist.

Questions 3

Which of the following statements accurately describes using SSL to secure the feed from a forwarder?

Options:
A.

It does not encrypt the certificate password.

B.

SSL automatically compresses the feed by default.

C.

It requires that the forwarder be set to compressed=true.

D.

It requires that the receiver be set to compression=true.

Questions 4

After an Enterprise Trial license expires, it will automatically convert to a Free license. How many days is an Enterprise Trial license valid before this conversion occurs?

Options:
A.

90 days

B.

60 days

C.

7 days

D.

14 days

Questions 5

In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?

Options:
A.

services/ collector

B.

services/ inputs ? raw

C.

services/ data/ collector

D.

data/ collector

Questions 6

In addition to single, non-clustered Splunk instances, what else can the deployment server push apps to?

Options:
A.

Universal forwarders

B.

Splunk Cloud

C.

Linux package managers

D.

Windows using WMI

Questions 7

Which configuration files are used to transform raw data ingested by Splunk? (Choose all that apply.)

Options:
A.

props.conf

B.

inputs.conf

C.

rawdata.conf

D.

transforms.conf

Questions 8

A request has been made to restrict lookup files up to 500 megabytes for replication . Anything larger should not be replicated . Which of the following parameters provides the correct control for this scenario?

Options:
A.

maxBundleSize

B.

maxMemoryBundleSize

C.

excludeReplicatedLookupSize

D.

includeReplicatedLookupSize

Questions 9

Which is a valid stanza for a network input?

Options:
A.

[udp://172.16.10.1:9997]connection = dnssourcetype = dns

B.

[any://172.16.10.1:10001]connection_host = ipsourcetype = web

C.

[tcp://172.16.10.1:9997]connection_host = websourcetype = web

D.

[tcp://172.16.10.1:10001]connection_host = dnssourcetype = dn s

Questions 10

Which of the following monitor inputs stanza headers would match all of the following files?

/var/log/www1/secure.log

/var/log/www/secure.l

/var/log/www/logs/secure.logs

/var/log/www2/secure.log

Options:
A.

[monitor:///var/log/.../secure.*

B.

[monitor:///var/log/www1/secure.*]

C.

[monitor:///var/log/www1/secure.log]

D.

[monitor:///var/log/www*/secure.*]

Exam Code: SPLK-1003
Certification Provider: Splunk
Exam Name: Splunk Enterprise Certified Admin
Last Update: Jul 6, 2026
Questions: 206