Splunk SPLK-1005 Practice Exams
Last updated on Apr 07, 2025
- Exam Code: SPLK-1005
- Exam Name: Splunk Cloud Certified Admin
- Certification Provider: Splunk
- Latest update: Apr 07, 2025
For the following data, what would be the correct attribute/value pair to use to successfully extract the correct timestamp from all the events?
- A . TIME_FORMAT = %b %d %H:%M:%S %z
- B . DATETIME_CONFIG = %Y-%m-%d %H:%M:%S %z
- C . TIME_FORMAT = %b %d %H:%M:%S
- D . DATETIME_CONFIG = %b %d %H:%M:%S
In case of a Change Request, which of the following should submit a support case for Splunk Support?
- A . The party requesting the change.
- B . Certified Splunk Cloud administrator.
- C . Splunk infrastructure owner.
- D . Any person with the appropriate entitlement.
Which file or folder below is not a required part of a deployment app?
- A . app.conf (in default or local)
- B . local.meta
- C . metadata folder
- D . props.conf
Which of the following is the default bandwidth limit in the Splunk Universal Forwarder credentials package?
- A . 0KBps
- B . 256 KBps
- C . 512 KBps
- D . 1024 KBps
When a forwarder phones home to a Deployment Server it compares the check-sum value of the forwarder’s app to the Deployment Server’s app.
What happens to the app if the check-sum values do not match?
- A . The app on the forwarder is always deleted and re-downloaded from the Deployment Server.
- B . The app on the forwarder is only deleted and re-downloaded from the Deployment Server if the forwarder’s app has a smaller check-sum value.
- C . The app is downloaded from the Deployment Server and the changes are merged.
- D . A warning is generated on the Deployment Server stating the apps are out of sync. An Admin will need to confirm which version of the app should be used.
When creating a new index, which of the following is true about archiving expired events?
- A . Store expired events in private AWS-based storage.
- B . Expired events cannot be archived.
- C . Archive some expired events from an index and discard others.
- D . Store expired events on-prem using your own storage systems.
Configuration folders named default contain configuration files/settings specified in the Splunk product or default settings specified in apps.
Which of the following is recommended to override these settings?
- A . It does not matter whether setting overrides are placed in default or local folders. Both are equally acceptable since Splunk will merge all the files together into one runtime model after each restart.
- B . Any settings to be overridden should be modified in-place wherever the setting was found originally. For example, if overriding a setting originally found in system/default, it should be overridden there to ensure that the desired value is used by Splunk.
- C . Overrides should be placed in a folder named local, ideally within a custom Splunk app. This ensures the overrides are preserved upon product or app upgrade and will also be easier to maintain/support.
- D . Try to store all configuration overrides in system/local folder to keep all configurations in one place. This ensures the modification has the highest precedence over all other configuration entries.
When using Splunk Universal Forwarders, which of the following is true?
- A . No more than six Universal Forwarders may connect directly to Splunk Cloud.
- B . Any number of Universal Forwarders may connect directly to Splunk Cloud.
- C . Universal Forwarders must send data to an Intermediate Forwarder.
- D . There must be one Intermediate Forwarder for every three Universal Forwarders.
Which of the following statements regarding apps in Splunk Cloud is true?
- A . Self-service install of premium apps is possible.
- B . Only Cloud certified and vetted apps are supported.
- C . Any app that can be deployed in an on-prem Splunk Enterprise environment is also supported on Splunk Cloud.
- D . Self-service install is available for all apps on Splunkbase.
Which of the following is not considered a best practice for the deployment server?
- A . Create small, single-purpose deployment apps.
- B . Dedicate a Splunk instance as the deployment server.
- C . Use a Linux server as the deployment server.
- D . Create large, multi-purpose deployment apps.