Splunk SPLK-1005 Practice Exams
Last updated on Apr 01, 2025
- Exam Code: SPLK-1005
- Exam Name: Splunk Cloud Certified Admin
- Certification Provider: Splunk
What syntax is required in inputs.conf to ingest data from files or directories?
- A . A monitor stanza, sourcetype, and index are required to ingest data.
- B . A monitor stanza, sourcetype, index, and host are required to ingest data.
- C . A monitor stanza and sourcetype are required to ingest data.
- D . Only the monitor stanza is required to ingest data.
Files from multiple systems are being stored on a centralized log server. The files are organized into directories based on the original server they came from.
Which of the following is a recommended approach for correctly setting the host values based on their origin?
- A . Use the host_segment setting.
- B . Set host = * in the monitor stanza.
- C . The host value cannot be dynamically set.
- D . Manually create a separate monitor stanza for each host, with the host = value set.
Which of the following statements is true about data transformations using SEDCMD?
- A . Can only be used to mask or truncate raw data.
- B . Configured in props.conf and transform.conf.
- C . Can be used to manipulate the sourcetype per event.
- D . Operates on a REGEX pattern match of the source, sourcetype, or host of an event.
A customer has worked with their LDAP administrator to configure an LDAP strategy in Splunk. The configuration works, and user Mia can log into Splunk using her LDAP account. After some time, the Splunk Cloud administrator needs to move Mia from the user role to the power role.
How should they accomplish this?
- A . Ask the LDAP administrator to move Mia’s account to an appropriately mapped LDAP group.
- B . Have Mia log into Splunk, then update her own role in user settings.
- C . Create a role named Power in Splunk, then map Mia’s account to that role.
- D . Use the Cloud Monitoring Console app as an administrator to map Mia’s account to the power role.
Li was asked to create a Splunk configuration to monitor syslog files stored on Linux servers at their organization. This configuration will be pushed out to multiple systems via a Splunk app using the on-prem deployment server.
The system administrators have provided Li with a directory listing for the logging locations on three syslog hosts, which are representative of the file structure for all systems collecting this data.
An example from each system is shown below:
- A . Option A
- B . Option B
- C . Option C
- D . Option D
A user has been asked to mask some sensitive data without tampering with the structure of the file /var/log/purchase/transactions.log that has the following format:
- A . Option A
- B . Option B
- C . Option C
- D . Option D
What is the default port for sending data via HTTP Event Collector to Splunk Cloud?
- A . 443
- B . 8088
- C . 9997
- D . 8000
Which of the following statements is true regarding SEDCMD?
- A . SEDCMD can be defined in either props.conf or transforms.conf.
- B . SEDCMD does not work on Windows-based installations of Splunk.
- C . SEDCMD uses the same syntax as Splunk’s replace command.
- D . SEDCMD provides search and replace functionality using regular expressions and substitutions.
What two files are used in the data transformation process?
- A . parsing.conf and transforms.conf
- B . props.conf and transforms.conf
- C . transforms.conf and fields.conf
- D . transforms.conf and sourcetypes.conf
In Splunk Cloud, which of the following statements regarding REST API is true?
- A . REST API and Splunk HEC are on the same port.
- B . All REST API endpoints are open and available by default.
- C . REST API is not available in Splunk Cloud.
- D . A subset of REST API endpoints are enabled for customers to manage Splunk.