Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Splunk SPLK-1003 Practice Exam with Questions & Answers | Set: 2

Questions 11

A security team needs to ingest a static file for a specific incident. The log file has not been collected previously and future updates to the file must not be indexed.

Which command would meet these needs?

Options:
A.

splunk add one shot / opt/ incident [data .log —index incident

B.

splunk edit monitor /opt/incident/data.* —index incident

C.

splunk add monitor /opt/incident/data.log —index incident

D.

splunk edit oneshot [opt/ incident/data.* —index incident

Splunk SPLK-1003 Premium Access
Questions 12

Which scenario is applicable given the stanzas in authentication.conf below?

[authentication]

externalTwoFactorAuthVendor = Duo

externalTwoFactorAuthSettings = duoMFA

[duoMFA]

integrationKey = aGFwcHliaXJ0aGRheU1pZGR5

secretKey = YXVzdHJhaWxpYW5Gb3JHcmVw

applicationKey = c3BsaW5raW5ndGhlcGx1bWJ1c3NpbmN1OTU

apiHostname = 466993018.duosecurity.com

failOpen = True

timeout = 60

Options:
A.

If Splunk cannot connect to the multifactor authentication provider, all logins will be denied.

B.

Multifactor authentication is required to log into the host operating system.

C.

The secretKey does not need to be protected since multifactor authentication is turned on.

D.

If Splunk cannot connect to the multifactor authentication provider, authentications will be successful without completing a multifactor challenge.

Questions 13

Which artifact is required in the request header when creating an HTTP event?

Options:
A.

ackID

B.

Token

C.

Manifest

D.

Host name

Questions 14

When are knowledge bundles distributed to search peers?

Options:
A.

After a user logs in.

B.

When Splunk is restarted.

C.

When adding a new search peer.

D.

When a distributed search is initiated.

Questions 15

Which of the following statements apply to directory inputs? {select all that apply)

Options:
A.

All discovered text files are consumed.

B.

Compressed files are ignored by default

C.

Splunk recursively traverses through the directory structure.

D.

When adding new log files to a monitored directory, the forwarder must be restarted to take them into account.

Questions 16

What type of Splunk license is pre-selected in a brand new Splunk installation?

Options:
A.

Free license

B.

Forwarder license

C.

Enterprise trial license

D.

Enterprise license

Questions 17

When using license pools, volume allocations apply to which Splunk components?

Options:
A.

Indexers

B.

Indexes

C.

Heavy Forwarders

D.

Search Heads

Questions 18

Which feature in Splunk allows Event Breaking, Timestamp extractions, and any advanced configurations

found in props.conf to be validated all through the UI?

Options:
A.

Apps

B.

Search

C.

Data preview

D.

Forwarder inputs

Questions 19

Which of the following is the recommended guideline for creating a new user role?

Options:
A.

Create a role that incorporates capabilities and index inheritance.

B.

Create a new unique role for each unique user.

C.

There are no recommended guidelines when creating new user roles.

D.

Create two roles based on capabilities and indexes, then utilize inheritance.

Questions 20

Which of the following is true when authenticating users to Splunk using LDAP?

Options:
A.

LDAP group names must match the Splunk role name defined in authorize.conf.

B.

Splunk will search each LDAP strategy in the order in which they are listed in authentication.conf.

C.

Splunk only supports encrypted LDAP connections.

D.

LDAP will take precedence over local users with the same username as defined in etc/passwd.

Exam Code: SPLK-1003
Certification Provider: Splunk
Exam Name: Splunk Enterprise Certified Admin
Last Update: Jul 7, 2026
Questions: 206